remcos | 7519540343e10c7846979809166df1cd0f01087ea53bf20fd5dd416dc6ebad14 | Triage

Sharing

General

Target

AppraisalReport.vbs
Size

567B
Sample

210422-hkw42mfr9e
MD5

d6fa102b90f5763f4b5c3ebc4e9b3b62
SHA1

528bf1948d9b3b263480fb5ec88469bfdc2d3d80
SHA256

7519540343e10c7846979809166df1cd0f01087ea53bf20fd5dd416dc6ebad14
SHA512

f37147d7d8aad300ab65fab796812d803f7148ae4a3e9c84ee82925391b8b9c12018b5b17c7d405c224eefcc0bdefa36b94f2ba18619033b179758ce875bfe64

Score

10^/10

remcos rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://ia601405.us.archive.org/23/items/all_20210422_20210422_1042/ALL.txt

Extracted

Family

remcos

C2

194.5.97.183:8888

Targets

- Target
  
  AppraisalReport.vbs
- Size
  
  567B
- MD5
  
  d6fa102b90f5763f4b5c3ebc4e9b3b62
- SHA1
  
  528bf1948d9b3b263480fb5ec88469bfdc2d3d80
- SHA256
  
  7519540343e10c7846979809166df1cd0f01087ea53bf20fd5dd416dc6ebad14
- SHA512
  
  f37147d7d8aad300ab65fab796812d803f7148ae4a3e9c84ee82925391b8b9c12018b5b17c7d405c224eefcc0bdefa36b94f2ba18619033b179758ce875bfe64
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2