remcos | fb119105227d38bf4e5acbc6a5dc5abfeabbbcfb3b32d635c940510293554e26 | Triage

Sharing

General

Target

Ver PDF estado de cuentas y confirmar Ver PDF estado de cuentas y confirmar.exe
Size

550KB
Sample

210423-tky96r8hte
MD5

6cfd8918e9b9511f8d7fcc93308011eb
SHA1

c9be2597c17d8b4daac89b9f7aa76e330c7e8bf3
SHA256

fb119105227d38bf4e5acbc6a5dc5abfeabbbcfb3b32d635c940510293554e26
SHA512

73efd2d0b3876eaef362d542a6a8aeb76762d4465eda9a86106c63ca6b5bc008e49432d5f465b8c8069d895abf5e6d7fab4591488f3d3e613234f82cbb91f005

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

covid19remoc.duckdns.org:1013

Targets

- Target
  
  Ver PDF estado de cuentas y confirmar Ver PDF estado de cuentas y confirmar.exe
- Size
  
  550KB
- MD5
  
  6cfd8918e9b9511f8d7fcc93308011eb
- SHA1
  
  c9be2597c17d8b4daac89b9f7aa76e330c7e8bf3
- SHA256
  
  fb119105227d38bf4e5acbc6a5dc5abfeabbbcfb3b32d635c940510293554e26
- SHA512
  
  73efd2d0b3876eaef362d542a6a8aeb76762d4465eda9a86106c63ca6b5bc008e49432d5f465b8c8069d895abf5e6d7fab4591488f3d3e613234f82cbb91f005
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2