Extracted

• • Target

    document_v152120.doc

  • Size

    12KB

  • MD5

    3c9b171aa4191384845ffc13021f3a7f

  • SHA1

    0acd262c9aad61b328b4d37a3460ba41630ef3a0

  • SHA256

    140ee2b8d6fba55259d70bab833fbae1924c7426bb8ddc79aaa5088435281872

  • SHA512

    62bd151a6e9520133a6e1257f06ebe8bfcd0da71f7665a402b9d136c48c561f3b17eaae462cc709845c503de89d208d735caacb7e5df234ad2397900d7de89cc

  Score

  10^/10

  remcospersistenceransomwarerat

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Enumerates physical storage devices

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    ransomware
  behavioral1behavioral2