remcos | 84035c7dd4f195653fd4dec1538e98f9181c74b8eebf9d6415d5cee1616c400c | Triage

Sharing

General

Target

10a4a298243992f740dcdc8431daea3b.exe
Size

739KB
Sample

210420-fe82q3fht6
MD5

10a4a298243992f740dcdc8431daea3b
SHA1

93fb528724a458ecd86edb8e6dd4413dec098caa
SHA256

84035c7dd4f195653fd4dec1538e98f9181c74b8eebf9d6415d5cee1616c400c
SHA512

2c055048c69be6ee9038566616600936fff3d5c72e97f0c53e3f5c928d63810f70ee966baa9f77c34e4da767336d0581f5e48a1261fd819da5a511a62c949bf0

Score

10^/10

remcos evasion rat trojan

Malware Config

Extracted

Family

remcos

C2

arttronova124.duckdns.org:3030

Targets

- Target
  
  10a4a298243992f740dcdc8431daea3b.exe
- Size
  
  739KB
- MD5
  
  10a4a298243992f740dcdc8431daea3b
- SHA1
  
  93fb528724a458ecd86edb8e6dd4413dec098caa
- SHA256
  
  84035c7dd4f195653fd4dec1538e98f9181c74b8eebf9d6415d5cee1616c400c
- SHA512
  
  2c055048c69be6ee9038566616600936fff3d5c72e97f0c53e3f5c928d63810f70ee966baa9f77c34e4da767336d0581f5e48a1261fd819da5a511a62c949bf0
Score

10^/10

remcos evasion rat trojan
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- UAC bypass
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

remcosevasionrattrojan

behavioral2

remcosevasionrattrojan