remcos | d339fb0c1a994e652b4fe8f4cfd8a16745ca9a04f9042cab1d16ca73103f41d4 | Triage

Sharing

General

Target

Factura Serfinanza053176011500426549564067806.exe
Size

188KB
Sample

210426-lb9qeqgepa
MD5

81650b5894e10dc7f6b4d45f05f36bf9
SHA1

5f22af376e1395cbdca9470ff9432938c290b3d5
SHA256

d339fb0c1a994e652b4fe8f4cfd8a16745ca9a04f9042cab1d16ca73103f41d4
SHA512

4c1142054c46cc3a94b3778424fc06bc835208e974acd16ee063b0dc46e943eb3bb929d29c9ecd990d3fbe79c0788094976a4e250fc6134d907f7a0d78ef03df

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

databasepropersonombrecomercialideasearchwords.services:3521

Targets

- Target
  
  Factura Serfinanza053176011500426549564067806.exe
- Size
  
  188KB
- MD5
  
  81650b5894e10dc7f6b4d45f05f36bf9
- SHA1
  
  5f22af376e1395cbdca9470ff9432938c290b3d5
- SHA256
  
  d339fb0c1a994e652b4fe8f4cfd8a16745ca9a04f9042cab1d16ca73103f41d4
- SHA512
  
  4c1142054c46cc3a94b3778424fc06bc835208e974acd16ee063b0dc46e943eb3bb929d29c9ecd990d3fbe79c0788094976a4e250fc6134d907f7a0d78ef03df
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat