remcos | b4f47cba1fde0cec963df1a7cfce6856303dcf6f376e6d7172fea107b8611de1 | Triage

Submit
Reports

Overview

overview

Static

static

Balancer-U....7.exe

windows7_x64

Balancer-U....7.exe

windows10_x64

Sharing

General

Target

Balancer-UIApp-2.2.7.exe
Size

103.2MB
Sample

210423-t1txhv5e4n
MD5

187c604d50684ba55f5067d00d51a8c2
SHA1

d3f622f82f6669dc4496f2b58a19c6d3e21d5844
SHA256

b4f47cba1fde0cec963df1a7cfce6856303dcf6f376e6d7172fea107b8611de1
SHA512

2521ba2162f666a180a91bd980cf08aed8e3abbfe772c7cd934b3c8e46dc9270723aad4c10fb70f991e7ef4e5e6cc439852271817edf6c5179d0861ac8ff4b56

Score

10^/10

remcos rat

Static task

static1

Behavioral task

behavioral1

Sample

Balancer-UIApp-2.2.7.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Balancer-UIApp-2.2.7.exe

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

94.23.218.87:4783

Targets

- Target
  
  Balancer-UIApp-2.2.7.exe
- Size
  
  103.2MB
- MD5
  
  187c604d50684ba55f5067d00d51a8c2
- SHA1
  
  d3f622f82f6669dc4496f2b58a19c6d3e21d5844
- SHA256
  
  b4f47cba1fde0cec963df1a7cfce6856303dcf6f376e6d7172fea107b8611de1
- SHA512
  
  2521ba2162f666a180a91bd980cf08aed8e3abbfe772c7cd934b3c8e46dc9270723aad4c10fb70f991e7ef4e5e6cc439852271817edf6c5179d0861ac8ff4b56
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy