remcos | 92aaa412fd4384f56646d3b70ae7e8f4e26e436501ac61b9dd29652162a2997c | Triage

Submit
Reports

Overview

overview

Static

static

EXTRACTO_S..._p.exe

windows7_x64

EXTRACTO_S..._p.exe

windows10_x64

Sharing

General

Target

EXTRACTO_SERFINANZA_763491694580295682345_2506299590056647_254934221025470843464344641438_1557713157182575338992538102_p
Size

172KB
Sample

210426-x6gcepcjz6
MD5

1984154af6e8dc43909b7a3880212d6c
SHA1

0e1bdb2215010ecd58fb847a06c780e1b67f3cf6
SHA256

92aaa412fd4384f56646d3b70ae7e8f4e26e436501ac61b9dd29652162a2997c
SHA512

6ddc29c7f542bd4cf140b96edc2fe67be4e3b590c17e81a6638d3f6afc824c572bf01b50cd54877f62ff36a0d3ddac0f5b793f5fc1743365e4b552d69f4f37b7

Score

10^/10

remcos evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

EXTRACTO_SERFINANZA_763491694580295682345_2506299590056647_254934221025470843464344641438_1557713157182575338992538102_p.exe

Resource

win7v20210410

remcos evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

EXTRACTO_SERFINANZA_763491694580295682345_2506299590056647_254934221025470843464344641438_1557713157182575338992538102_p.exe

Resource

win10v20210408

remcos evasion persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

databasepropersonombrecomercialideasearchwords.services:3521

Targets

- Target
  
  EXTRACTO_SERFINANZA_763491694580295682345_2506299590056647_254934221025470843464344641438_1557713157182575338992538102_p
- Size
  
  172KB
- MD5
  
  1984154af6e8dc43909b7a3880212d6c
- SHA1
  
  0e1bdb2215010ecd58fb847a06c780e1b67f3cf6
- SHA256
  
  92aaa412fd4384f56646d3b70ae7e8f4e26e436501ac61b9dd29652162a2997c
- SHA512
  
  6ddc29c7f542bd4cf140b96edc2fe67be4e3b590c17e81a6638d3f6afc824c572bf01b50cd54877f62ff36a0d3ddac0f5b793f5fc1743365e4b552d69f4f37b7
Score

10^/10

remcos evasion persistence rat trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Turns off Windows Defender SpyNet reporting
  evasion
- Windows security bypass
  evasion trojan
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosevasionpersistencerattrojan

behavioral2

remcosevasionpersistencerattrojan

© 2018-2024

Terms | Privacy