remcos | 79e70809a85e291f9da3d391131208ce7645dd512eb6bb71811154b43da23222 | Triage

Submit
Reports

Overview

overview

Static

static

1

Quote.exe

windows7_x64

Quote.exe

windows10_x64

Sharing

General

Target

Quote.exe
Size

233KB
Sample

210217-tzlm4actmn
MD5

a96067cac28b1f5c3de4e1b6c7d0a402
SHA1

51c65c8ece4bfd5c7d1b09105440f3f02d3b14ca
SHA256

79e70809a85e291f9da3d391131208ce7645dd512eb6bb71811154b43da23222
SHA512

1627058a9a884965bce4ece1ccf03c24a849cd79fe883c923ae2eb56c8e0bbb730cf823e550c080685af1f906a38f2847a65dc8ed236181d97eee9ddcfc3f96e

Score

10^/10

remcos persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Quote.exe

Resource

win7v20201028

remcos persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Quote.exe

Resource

win10v20201028

remcos persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

103.89.88.238:4299

Targets

- Target
  
  Quote.exe
- Size
  
  233KB
- MD5
  
  a96067cac28b1f5c3de4e1b6c7d0a402
- SHA1
  
  51c65c8ece4bfd5c7d1b09105440f3f02d3b14ca
- SHA256
  
  79e70809a85e291f9da3d391131208ce7645dd512eb6bb71811154b43da23222
- SHA512
  
  1627058a9a884965bce4ece1ccf03c24a849cd79fe883c923ae2eb56c8e0bbb730cf823e550c080685af1f906a38f2847a65dc8ed236181d97eee9ddcfc3f96e
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat

© 2018-2024

Terms | Privacy