remcos | 4fff31fe2dc28e3080189ef8bdf5001f1a441be3c67392864966512d7dc79217 | Triage

Sharing

General

Target

Neues Lieferantenformular,pdf.001
Size

316KB
Sample

210429-s35npgwh1s
MD5

0f69e6f083a77b5a19aa0d0a387c4775
SHA1

729937dcf098b159637bc616cc5336ca6c87af8c
SHA256

4fff31fe2dc28e3080189ef8bdf5001f1a441be3c67392864966512d7dc79217
SHA512

d207d0e7ec13d3f0e12393523847ba4d8b563d7159610fa5f50009a0ac7be0d98d110c436050d655bac5a11acaa533805dd4ba4e2fda9279eac707a53cddc093

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

Officialsw.chickenkiller.com:2310

official.ydns.eu:2310

Targets

- Target
  
  Neues Lieferantenformular,pdf.scr
- Size
  
  832KB
- MD5
  
  3f4f150ed7ab62f3f08315fa85a1e1f0
- SHA1
  
  24890995fabbfb50230729d5cceb4d5a92199a42
- SHA256
  
  f0896ba259cc40a67474db857cbca2cd43099f5b49be45c3e3a3a34a06765b7f
- SHA512
  
  67df52b24d57dc399c2c819d27749e8b54b7494563d075c7305716d57eae1625321ea8083c1964d76721a1ec436e5a0d53403c2c737d895c9068c0632ea78248
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat