remcos | 0411d6c486813481377f4ac5f6f627e2b525806f423b17c8d0d51fcfcf947693 | Triage

Sharing

General

Target

CONTRESEENPDFHOSPIPAG6278350002 CONTRESEENPDFHOSPIPAG6278350004.exe
Size

500KB
Sample

210126-3g49x2n8bn
MD5

47579fdbd5b1e2b7be01ad78c17cf9db
SHA1

939873db2d3e78223e152bb29b2df24020f2300e
SHA256

0411d6c486813481377f4ac5f6f627e2b525806f423b17c8d0d51fcfcf947693
SHA512

60251e702144e9b21d31372826c0533fd9da5773ec0aedc6ee7338b55aacf93ff0daed41d943d53643dedae63a3d4a5168808b4b49711edf699fee3253743ae2

Score

10^/10

remcos ransomware rat

Malware Config

Extracted

Family

remcos

C2

trump89238.duckdns.org:1212

Targets

- Target
  
  CONTRESEENPDFHOSPIPAG6278350002 CONTRESEENPDFHOSPIPAG6278350004.exe
- Size
  
  500KB
- MD5
  
  47579fdbd5b1e2b7be01ad78c17cf9db
- SHA1
  
  939873db2d3e78223e152bb29b2df24020f2300e
- SHA256
  
  0411d6c486813481377f4ac5f6f627e2b525806f423b17c8d0d51fcfcf947693
- SHA512
  
  60251e702144e9b21d31372826c0533fd9da5773ec0aedc6ee7338b55aacf93ff0daed41d943d53643dedae63a3d4a5168808b4b49711edf699fee3253743ae2
Score

10^/10

remcos ransomware rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosransomwarerat

behavioral2

remcosransomwarerat