remcos | 40c24c9db30fb9576c068e8ba344a31de97ed75448354c910f40a7ad38ab5850 | Triage

Sharing

General

Target

Urgente RFQ_AP65425652_032421,pdf.exe
Size

780KB
Sample

210414-adtzsy99r6
MD5

d52e2a012af5c07a04750f9afd837f6b
SHA1

fd110cd83cd65e3499ea75d41b259303fdb2200c
SHA256

40c24c9db30fb9576c068e8ba344a31de97ed75448354c910f40a7ad38ab5850
SHA512

cbebd2bcee2c9d21f3c82d2fa662a1ddd56a36e09df93ac1301fb785f384a5728686e29f62b459ff2fa14ee3681468776a1c202738050844ae024526492e71ab

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

goddywin.freedynamicdns.net:6712

Targets

- Target
  
  Urgente RFQ_AP65425652_032421,pdf.exe
- Size
  
  780KB
- MD5
  
  d52e2a012af5c07a04750f9afd837f6b
- SHA1
  
  fd110cd83cd65e3499ea75d41b259303fdb2200c
- SHA256
  
  40c24c9db30fb9576c068e8ba344a31de97ed75448354c910f40a7ad38ab5850
- SHA512
  
  cbebd2bcee2c9d21f3c82d2fa662a1ddd56a36e09df93ac1301fb785f384a5728686e29f62b459ff2fa14ee3681468776a1c202738050844ae024526492e71ab
Score

10^/10

persistence remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

remcospersistencerat