remcos | 714f5babb7ff43c5c7d994ee24ffca6be9508b86998ba18c719bcb3f9596f358 | Triage

Sharing

General

Target

EXTRACTO_SERFINANZA_694237605670237898130_880400300571994975454_677658493671733776943344733_49888556350297126565426875_p
Size

184KB
Sample

210426-tvdxtf6cna
MD5

4f9650b7df074e8bde07401b1ba53d29
SHA1

41e963c3f35af703e50e07e1dbecd47c86ccb7de
SHA256

714f5babb7ff43c5c7d994ee24ffca6be9508b86998ba18c719bcb3f9596f358
SHA512

b3554305a41e2520e9cb764dc61d8abb9552fa3b1e821c01208360f28afa6f7f50b3ce721975ec6a6bf78829af4783280d6939c87f6d51fb88d0ad6b88fd5312

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

databasepropersonombrecomercialideasearchwords.services:3521

Targets

- Target
  
  EXTRACTO_SERFINANZA_694237605670237898130_880400300571994975454_677658493671733776943344733_49888556350297126565426875_p
- Size
  
  184KB
- MD5
  
  4f9650b7df074e8bde07401b1ba53d29
- SHA1
  
  41e963c3f35af703e50e07e1dbecd47c86ccb7de
- SHA256
  
  714f5babb7ff43c5c7d994ee24ffca6be9508b86998ba18c719bcb3f9596f358
- SHA512
  
  b3554305a41e2520e9cb764dc61d8abb9552fa3b1e821c01208360f28afa6f7f50b3ce721975ec6a6bf78829af4783280d6939c87f6d51fb88d0ad6b88fd5312
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat