remcos | 2e928af33de11fedaf5d0c388e96ac67509b64bd445a3f4a576f46ec2a0d5374 | Triage

Sharing

General

Target

eFiling EMP Statement_272552282276258227262.exe
Size

770KB
Sample

210503-cfjnlkn7s2
MD5

01d8d435128292d7d340d1d6218abaac
SHA1

674ab3d68de937396d0a12e2c3b72ecc59fd0743
SHA256

2e928af33de11fedaf5d0c388e96ac67509b64bd445a3f4a576f46ec2a0d5374
SHA512

7e5fc3d5d510880eeae9e29c72ea19904b1d3cb350d27b13f51422a6f8766ba254821a5deb2710b24e7eab4bbeec8d44ec53d6adde3c7251ded040e347072aa2

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

216.38.7.225:6524

Targets

- Target
  
  eFiling EMP Statement_272552282276258227262.exe
- Size
  
  770KB
- MD5
  
  01d8d435128292d7d340d1d6218abaac
- SHA1
  
  674ab3d68de937396d0a12e2c3b72ecc59fd0743
- SHA256
  
  2e928af33de11fedaf5d0c388e96ac67509b64bd445a3f4a576f46ec2a0d5374
- SHA512
  
  7e5fc3d5d510880eeae9e29c72ea19904b1d3cb350d27b13f51422a6f8766ba254821a5deb2710b24e7eab4bbeec8d44ec53d6adde3c7251ded040e347072aa2
Score

10^/10

persistence remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

remcospersistencerat