remcos | 0c2f78458061b2e848305409a90351eff2c4c31eed1a4667b6366bfdc43ef52a | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...91.exe

windows7_x64

8

SecuriteIn...91.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.Trojan.MSIL.Kryptik.4625f314.19991.25291
Size

897KB
Sample

210505-deqzqzqch2
MD5

9f910ba7ff05efd30eb1c2316bb488e0
SHA1

3b428f5cf8b0c43b8b63bbaf728669a83f66458e
SHA256

0c2f78458061b2e848305409a90351eff2c4c31eed1a4667b6366bfdc43ef52a
SHA512

5f6300857bce04ef5e883bb219d3f2257acdada1c29cec9dff0d438a8190f784b0c7bde44dbe80adb7f28fefe03c9ec57d0300066bed46b838a91d92a3f7c189

Score

10^/10

remcos agilenet rat

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.MSIL.Kryptik.4625f314.19991.25291.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.MSIL.Kryptik.4625f314.19991.25291.exe

Resource

win10v20210410

remcos agilenet rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan.MSIL.Kryptik.4625f314.19991.25291
- Size
  
  897KB
- MD5
  
  9f910ba7ff05efd30eb1c2316bb488e0
- SHA1
  
  3b428f5cf8b0c43b8b63bbaf728669a83f66458e
- SHA256
  
  0c2f78458061b2e848305409a90351eff2c4c31eed1a4667b6366bfdc43ef52a
- SHA512
  
  5f6300857bce04ef5e883bb219d3f2257acdada1c29cec9dff0d438a8190f784b0c7bde44dbe80adb7f28fefe03c9ec57d0300066bed46b838a91d92a3f7c189
Score

10^/10

agilenet remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

remcosagilenetrat

© 2018-2024

Terms | Privacy