remcos | aba85e8ab8882d34a14f58f6b2ca9bdfb6749b72c0277788271f7f7b8d7a1e25 | Triage

Submit
Reports

Overview

overview

Static

static

OverdriveN...ol.exe

windows7_x64

OverdriveN...ol.exe

windows10_x64

Sharing

General

Target

OverdriveNTool_0.2.9 (84).zip
Size

2.2MB
Sample

210426-8pzffmfdba
MD5

1f4251f09aec1920ac72bb37967ebcae
SHA1

e01f7025a3323df7d68adf49782fc01632075187
SHA256

aba85e8ab8882d34a14f58f6b2ca9bdfb6749b72c0277788271f7f7b8d7a1e25
SHA512

e6994f56d2a0eddf0c5ca803edd3380049bb0cacafa47f987cfbf4b5a24cedc09dc2df44c15e0ae656dad32ea826b60c01544405a23140978adeadb0ba987bd6

Score

10^/10

remcos rat

Static task

static1

Behavioral task

behavioral1

Sample

OverdriveNTool_0.2.9/OverdriveNTool.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

OverdriveNTool_0.2.9/OverdriveNTool.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

37.1.206.16:7373

Targets

- Target
  
  OverdriveNTool_0.2.9/OverdriveNTool.exe
- Size
  
  2.9MB
- MD5
  
  b64dbdbb60d0edab5bf3608d9973d7b5
- SHA1
  
  470ec316274648567965ac7912cb8fbfc5763c47
- SHA256
  
  731f26f74722af06e463904102705bc856f20852faecb08b5fda6b7bc0e5539c
- SHA512
  
  2d21e148db3e5a60075609ca0b4e5cabba7bf15299ed49ebe81f73844440090f8d935e919e2e7368927890b4d51514518bf9467ab01a1db0a3bbae50153719a9
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy