remcos | 13d2043597d9277e97a4996c4f04266e462b4332a0df325417bf7ac578376c7c | Triage

Sharing

General

Target

IMG-20210406-WA0004-55YH701.rar
Size

296KB
Sample

210413-te4pcrw65e
MD5

18f94106296f1ef173a670b2c833ec3c
SHA1

d8f16cc20f6ccdee49271ac1640de89d0e795843
SHA256

13d2043597d9277e97a4996c4f04266e462b4332a0df325417bf7ac578376c7c
SHA512

c8da099e6595c09c403cc8e6e35793c432569af216a94b8de8d4e8334eb2a2d3a52d1bff91cda035c0489c5c8784894fa164cb8218d78c9daf4c4a71d2a7e196

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

www.swqrn.com:16108

Targets

- Target
  
  IMG-20210406-WA0004-55YH701.exe
- Size
  
  761KB
- MD5
  
  d7de799d728a8effd9e4ef0f6a776e88
- SHA1
  
  4b4a18a2c6d6e0b9ea6cfd6175b064f1622f4620
- SHA256
  
  770239e721583e7852323517a01a9bc5ec4922e612104b48ae79ae442c0c697f
- SHA512
  
  77b29325453c72bd997b199fa728e5d8572f274a856ed2a0989a46c34f3bc101b12cf27d9c9f67b5dd3704e2a74151e4f657bb4b1f33439bc92d853d389f1b4f
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat