remcos | a6702c496e54caa5ad96678e0f6c998b709b65407157664217d1f76b124ac1f9 | Triage

Sharing

General

Target

Ordine-045-01-26.rar
Size

238KB
Sample

210126-xzm386ehrx
MD5

4d1647f5f92a56b7fa0e795a18fc43c0
SHA1

e3bb1deb619a2873a78d5cc5148399fe55f64548
SHA256

a6702c496e54caa5ad96678e0f6c998b709b65407157664217d1f76b124ac1f9
SHA512

9c5035606cc54d80b983beec9dbc5abfd408d9c35a6871f970e09084cd0f0f850e1a8fa7da85dca58a8fa7e55480df537a796e238fb85b918f41851b84071e65

Score

10^/10

remcos persistence rat

Malware Config

Targets

- Target
  
  Ordine-045-01-26.pif
- Size
  
  625KB
- MD5
  
  730ecb6080a693f0b5d06332a2180f39
- SHA1
  
  70be294a8bd3a5ba2afc28d58cc797e0eb900db8
- SHA256
  
  a2be886abe60ef9b7df2a228fbfa8c44d06f75d685cf0ce1133e2453fba3cec1
- SHA512
  
  c0beb2d412284eeec6240e1d302eddb9a7b4b15a14cb05293ee094a2b0ef7e7984f33564205507501d8c9d9186e082a7c5a5115ee0ad5cdde817c6a1e1de2f9a
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat