remcos | 3f968649c02fd5ee3f14e1d30803512bebc391ceac8005e76d3be87276df10ea | Triage

Submit
Reports

Overview

overview

Static

static

Tender Offer.doc.rtf

windows7_x64

Tender Offer.doc.rtf

windows10_x64

1

Sharing

General

Target

Tender Offer.doc
Size

609KB
Sample

210416-3hr4pv49yx
MD5

398a7dca0715973d3a91a0383613acb6
SHA1

b5a0830f536f8a2cf50ef1b133eeac9f992e3213
SHA256

3f968649c02fd5ee3f14e1d30803512bebc391ceac8005e76d3be87276df10ea
SHA512

8e64601754da1b5b9b9a93f35ac8fd63085bec5aa8b0f67728613712b6648988d56efdb3907b05c3a19e0582cbbeeb712320cab2c57a59a3eb046582d2b43103

Score

10^/10

remcos rat

Static task

static1

Behavioral task

behavioral1

Sample

Tender Offer.doc.rtf

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Tender Offer.doc.rtf

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

79.134.225.17:2050

Targets

- Target
  
  Tender Offer.doc
- Size
  
  609KB
- MD5
  
  398a7dca0715973d3a91a0383613acb6
- SHA1
  
  b5a0830f536f8a2cf50ef1b133eeac9f992e3213
- SHA256
  
  3f968649c02fd5ee3f14e1d30803512bebc391ceac8005e76d3be87276df10ea
- SHA512
  
  8e64601754da1b5b9b9a93f35ac8fd63085bec5aa8b0f67728613712b6648988d56efdb3907b05c3a19e0582cbbeeb712320cab2c57a59a3eb046582d2b43103
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Exploitation for Client Execution

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy