remcos | 4bf0ad56b4d4a1f43e87c408340097995d6542d744b4af5c51aba1c1fefe5d7b | Triage

Sharing

General

Target

CARPSOBRPROCVINCINGR43678530006 CARPSOBRPROCVINCINGR43678530008.exe
Size

733KB
Sample

210422-ybjl22cexx
MD5

1eb8fa1f2c8605c2d5db68008086757e
SHA1

d2d8e51076f4f98fb012e01066fceae5eb15836c
SHA256

4bf0ad56b4d4a1f43e87c408340097995d6542d744b4af5c51aba1c1fefe5d7b
SHA512

0d1e6bcdbdb9e09b2ed1379db0770c8fc4733e6d64bbaba1eb6caef4dc7eb524ad0964c0fe8b93a838e0dd31c566275339f1bd3596347134fe528c1d6616e560

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

romancito24.duckdns.org:1717

Targets

- Target
  
  CARPSOBRPROCVINCINGR43678530006 CARPSOBRPROCVINCINGR43678530008.exe
- Size
  
  733KB
- MD5
  
  1eb8fa1f2c8605c2d5db68008086757e
- SHA1
  
  d2d8e51076f4f98fb012e01066fceae5eb15836c
- SHA256
  
  4bf0ad56b4d4a1f43e87c408340097995d6542d744b4af5c51aba1c1fefe5d7b
- SHA512
  
  0d1e6bcdbdb9e09b2ed1379db0770c8fc4733e6d64bbaba1eb6caef4dc7eb524ad0964c0fe8b93a838e0dd31c566275339f1bd3596347134fe528c1d6616e560
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2