remcos | cb999b03f075385459346622f17dbeec34ee53a158c5e5fd01bad5d8e9461e9d | Triage

Sharing

General

Target

EU_SANCTION_LETTER-05052021.exe
Size

979KB
Sample

210506-7gr7smn3sa
MD5

3f42de1bd40b5621c7d580d8445bc0a7
SHA1

433bed058c0b2d7cf2374f67b7657388905f415c
SHA256

cb999b03f075385459346622f17dbeec34ee53a158c5e5fd01bad5d8e9461e9d
SHA512

c1bdcccfdaac456f7d07d7787f069324cb14aef487ab20a5e543456f47b7634934b3acb98b7342061c5153b84d93759b8920ee5135d92c6d43fc910dbb809d0e

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

www.swqrn.com:16108

Targets

- Target
  
  EU_SANCTION_LETTER-05052021.exe
- Size
  
  979KB
- MD5
  
  3f42de1bd40b5621c7d580d8445bc0a7
- SHA1
  
  433bed058c0b2d7cf2374f67b7657388905f415c
- SHA256
  
  cb999b03f075385459346622f17dbeec34ee53a158c5e5fd01bad5d8e9461e9d
- SHA512
  
  c1bdcccfdaac456f7d07d7787f069324cb14aef487ab20a5e543456f47b7634934b3acb98b7342061c5153b84d93759b8920ee5135d92c6d43fc910dbb809d0e
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2