remcos | d9c227ed57ca134b518a38f74580faf7f3c5e05c5caae3ed3166641341950ee7 | Triage

Submit
Reports

Overview

overview

Static

static

TPE-CHESTE...08.scr

windows7_x64

TPE-CHESTE...08.scr

windows10_x64

Sharing

General

Target

TPE-CHESTERFIELD, MI 48051 (DDP)駿得5008.scr
Size

260KB
Sample

210426-j7xb6g8d72
MD5

84bc6ece04588d297e5f957f8c0eed1a
SHA1

47b0cfaaef2a8dceeb377e822094fd8a97b6fc0b
SHA256

d9c227ed57ca134b518a38f74580faf7f3c5e05c5caae3ed3166641341950ee7
SHA512

83c546bebebe502a4239c18e29230dec4a3df29568ff97cec6b64fa00801b2572ee738b0f74d9a11f693fff34f6b23db8edbfc16a4b5baa1482ff604314600f1

Score

10^/10

remcos rat

Static task

static1

Behavioral task

behavioral1

Sample

TPE-CHESTERFIELD, MI 48051 (DDP)駿得5008.scr

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TPE-CHESTERFIELD, MI 48051 (DDP)駿得5008.scr

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

188.72.124.143:2858

Targets

- Target
  
  TPE-CHESTERFIELD, MI 48051 (DDP)駿得5008.scr
- Size
  
  260KB
- MD5
  
  84bc6ece04588d297e5f957f8c0eed1a
- SHA1
  
  47b0cfaaef2a8dceeb377e822094fd8a97b6fc0b
- SHA256
  
  d9c227ed57ca134b518a38f74580faf7f3c5e05c5caae3ed3166641341950ee7
- SHA512
  
  83c546bebebe502a4239c18e29230dec4a3df29568ff97cec6b64fa00801b2572ee738b0f74d9a11f693fff34f6b23db8edbfc16a4b5baa1482ff604314600f1
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy