remcos | 7a1ca0872400fc383eea460f0eb93927610a9ba28cd74dfa8f37d11a2b2b6d71 | Triage

Sharing

General

Target

INGREGENERPORFRAUFSCAL2357840003 INGREGENERPORFRAUFSCAL2357840006.exe
Size

801KB
Sample

210422-pbvbpnl2k6
MD5

cdbe179ccd3e2676a8149430dd4d2027
SHA1

dd79a36de18f788899276805f2efcaf2a6295b7a
SHA256

7a1ca0872400fc383eea460f0eb93927610a9ba28cd74dfa8f37d11a2b2b6d71
SHA512

703e87d7b5986a3c9a486a3fc5ced5ce49f89ba1469145562f86c037e733f84f9d324d362b5f3936f770c71d090a962613cc9e015e811ab14a0d75f521adf1f6

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

electricaribe.duckdns.org:1717

Targets

- Target
  
  INGREGENERPORFRAUFSCAL2357840003 INGREGENERPORFRAUFSCAL2357840006.exe
- Size
  
  801KB
- MD5
  
  cdbe179ccd3e2676a8149430dd4d2027
- SHA1
  
  dd79a36de18f788899276805f2efcaf2a6295b7a
- SHA256
  
  7a1ca0872400fc383eea460f0eb93927610a9ba28cd74dfa8f37d11a2b2b6d71
- SHA512
  
  703e87d7b5986a3c9a486a3fc5ced5ce49f89ba1469145562f86c037e733f84f9d324d362b5f3936f770c71d090a962613cc9e015e811ab14a0d75f521adf1f6
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2