remcos | 0bfae38c37f8478cfd4c92f603b202f8f4bff11f96fdce5959eeaad5142d9a3a | Triage

Sharing

General

Target

POEA DELISTED AGENCIES (BATCH A).PDF.exe
Size

515KB
Sample

210218-9ss3zgpt1n
MD5

217179aac1ed3994614e7c8666d2f82b
SHA1

d62998531aea7d6acb9d0add1f168739e2e9eab1
SHA256

0bfae38c37f8478cfd4c92f603b202f8f4bff11f96fdce5959eeaad5142d9a3a
SHA512

fd70c49c0fb1df2606e2496497656a4d23ab9868b227a1fef62ff4fa321952964bcd64f70bad1b1a8d763f4985264f1edd6ff19f0b6441bf214f2a37363179ce

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

shahzad73.casacam.net:2404

shahzad73.ddns.net:2404

Targets

- Target
  
  POEA DELISTED AGENCIES (BATCH A).PDF.exe
- Size
  
  515KB
- MD5
  
  217179aac1ed3994614e7c8666d2f82b
- SHA1
  
  d62998531aea7d6acb9d0add1f168739e2e9eab1
- SHA256
  
  0bfae38c37f8478cfd4c92f603b202f8f4bff11f96fdce5959eeaad5142d9a3a
- SHA512
  
  fd70c49c0fb1df2606e2496497656a4d23ab9868b227a1fef62ff4fa321952964bcd64f70bad1b1a8d763f4985264f1edd6ff19f0b6441bf214f2a37363179ce
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2