remcos | 4bed7aed798d98fcfa3b2bad84a3811f4c86aec3b3b201f22925c03a64ca83bf | Triage

Sharing

General

Target

PREAMBPORLITIGIGREPDF3543330006 PREAMBPORLITIGIGREPDF3543330008.exe
Size

893KB
Sample

210427-9grp6ddzhs
MD5

1b19f27f2a45dfeef263dc48354b5c61
SHA1

0e7fc23fa3745791e8863f0b478a1a9317f4437a
SHA256

4bed7aed798d98fcfa3b2bad84a3811f4c86aec3b3b201f22925c03a64ca83bf
SHA512

774e88ee1a24b78aba946e41a8259baa63ff0c3019fd9a230a1f98021a5c3b5b7f8cbb48d75bdfe5474934b53a0222c5582c8f98871e1c7fa4a9108899749c64

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

yuyitosjs.duckdns.org:1717

Targets

- Target
  
  PREAMBPORLITIGIGREPDF3543330006 PREAMBPORLITIGIGREPDF3543330008.exe
- Size
  
  893KB
- MD5
  
  1b19f27f2a45dfeef263dc48354b5c61
- SHA1
  
  0e7fc23fa3745791e8863f0b478a1a9317f4437a
- SHA256
  
  4bed7aed798d98fcfa3b2bad84a3811f4c86aec3b3b201f22925c03a64ca83bf
- SHA512
  
  774e88ee1a24b78aba946e41a8259baa63ff0c3019fd9a230a1f98021a5c3b5b7f8cbb48d75bdfe5474934b53a0222c5582c8f98871e1c7fa4a9108899749c64
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2