remcos | d8c426e36e50d3a7f8f51f8fb624959e3c985885c5d1713dff3b2803f393d2be | Triage

Sharing

General

Target

5322da5b873f65a2099b81101357dda31b2fdf952749517af9754401708052af.zip
Size

435KB
Sample

210414-l9y95dwqtn
MD5

de85d14670e6f25137fe2648ce30856d
SHA1

6d76504a004ef1b85857037fe40749ca80833034
SHA256

d8c426e36e50d3a7f8f51f8fb624959e3c985885c5d1713dff3b2803f393d2be
SHA512

339f2c8f24a90792a24d738f4f63f0a39507ec2b1e5d80e932a42885ab938d0447a2cbbbc8dd80f42aa6b652f480fe51cd1709ecaa09eb9904685f9cf370081b

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

goddywin.freedynamicdns.net:6712

Targets

- Target
  
  5322da5b873f65a2099b81101357dda31b2fdf952749517af9754401708052af
- Size
  
  613KB
- MD5
  
  6ffe0bd2a7d5aa9ca097c61562634d7b
- SHA1
  
  02d7fa0c0bec4aaf4aa3473d9bb7c3d4b3dede79
- SHA256
  
  5322da5b873f65a2099b81101357dda31b2fdf952749517af9754401708052af
- SHA512
  
  2bb3c86904251008b52b287234254f35a1e506ad6b7d8c9252406fddb4b3f21f344a945071d0450538088a99f511ea38d5934af6968de033e0df58b594de5cc6
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2