remcos | 2ea5323ec44c9ea6daf628b235e9e792196534878095934d918cfa42644fe441 | Triage

Submit
Reports

Overview

overview

Static

static

1

Bestätigu...df.exe

windows7_x64

Bestätigu...df.exe

windows10_x64

Sharing

General

Target

Bestätigung des Auftragsangebots,pdf.exe
Size

202KB
Sample

210414-qsje1tccp6
MD5

a23a43be29a58e0ad6d608aa79a3dd06
SHA1

99c1844172ab5a3b7e341d7598ec3831991382df
SHA256

2ea5323ec44c9ea6daf628b235e9e792196534878095934d918cfa42644fe441
SHA512

c189c368e016b0362ed8bd9540f29ee3c1dc5be0982bf9dcb864ea4638cf914df07f5a0165f3fe6da4651f0783bcd98c9bf82360343c8d487e3ae1f9244ae002

Score

10^/10

remcos rat

Static task

static1

Behavioral task

behavioral1

Sample

Bestätigung des Auftragsangebots,pdf.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Bestätigung des Auftragsangebots,pdf.exe

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

zubby2468.hopto.org:8905

Targets

- Target
  
  Bestätigung des Auftragsangebots,pdf.exe
- Size
  
  202KB
- MD5
  
  a23a43be29a58e0ad6d608aa79a3dd06
- SHA1
  
  99c1844172ab5a3b7e341d7598ec3831991382df
- SHA256
  
  2ea5323ec44c9ea6daf628b235e9e792196534878095934d918cfa42644fe441
- SHA512
  
  c189c368e016b0362ed8bd9540f29ee3c1dc5be0982bf9dcb864ea4638cf914df07f5a0165f3fe6da4651f0783bcd98c9bf82360343c8d487e3ae1f9244ae002
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy