remcos | 419000b66f04ce0f9b5b3b9f4825d4b68d21df27e99d02b483bd96aa240413d7 | Triage

Sharing

General

Target

ADJUENWORDSOBREPROCEV4363450005 ADJUENWORDSOBREPROCEV4363450007.exe
Size

955KB
Sample

210422-1e6ghqmfl6
MD5

66bc12a8ad1e13c3e6dd65bd6db4790a
SHA1

61048635297de9edf916ab5c2bbeeac865cad997
SHA256

419000b66f04ce0f9b5b3b9f4825d4b68d21df27e99d02b483bd96aa240413d7
SHA512

0f9fe805f7926a686382da2acc24da889be640b1951eb1a68c4f853aca56e7f3b1ff13d213d419f18e64b49f7a1c38edec556e2531d89c44e02755b286cec1aa

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

portugal16.duckdns.org:1717

Targets

- Target
  
  ADJUENWORDSOBREPROCEV4363450005 ADJUENWORDSOBREPROCEV4363450007.exe
- Size
  
  955KB
- MD5
  
  66bc12a8ad1e13c3e6dd65bd6db4790a
- SHA1
  
  61048635297de9edf916ab5c2bbeeac865cad997
- SHA256
  
  419000b66f04ce0f9b5b3b9f4825d4b68d21df27e99d02b483bd96aa240413d7
- SHA512
  
  0f9fe805f7926a686382da2acc24da889be640b1951eb1a68c4f853aca56e7f3b1ff13d213d419f18e64b49f7a1c38edec556e2531d89c44e02755b286cec1aa
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2