remcos | f20155882dc9f4f0ea4d63aafb8d582694175aa70e4e216b8d214b9efb041bd8 | Triage

Sharing

General

Target

CAUSDELPROCEADELNENC2354360006 CAUSDELPROCEADELNENC2354360008.exe
Size

1.0MB
Sample

210426-x5zbfjlzk6
MD5

1ec02fe095358f3181877e926db8facf
SHA1

2a9971f211fe96f012479612dcda5e94ee112f2c
SHA256

f20155882dc9f4f0ea4d63aafb8d582694175aa70e4e216b8d214b9efb041bd8
SHA512

b6e1cc06529c13cf36fcc803957f4da6b618a968644ca15bfde7336ab77e46bb904195c8942e2fd8989033b9dbd5289e0929e30a561c940a256601caca9ce87a

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

johanvargas97832.duckdns.org:1717

Targets

- Target
  
  CAUSDELPROCEADELNENC2354360006 CAUSDELPROCEADELNENC2354360008.exe
- Size
  
  1.0MB
- MD5
  
  1ec02fe095358f3181877e926db8facf
- SHA1
  
  2a9971f211fe96f012479612dcda5e94ee112f2c
- SHA256
  
  f20155882dc9f4f0ea4d63aafb8d582694175aa70e4e216b8d214b9efb041bd8
- SHA512
  
  b6e1cc06529c13cf36fcc803957f4da6b618a968644ca15bfde7336ab77e46bb904195c8942e2fd8989033b9dbd5289e0929e30a561c940a256601caca9ce87a
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2