remcos | 0e67ac2d835d51975b1f8cde8ab3eacfa184fd4dad00b83632f214740c0a94c2 | Triage

Sharing

General

Target

f6dc84a64d99e09993ed396dc2dd5b80.exe
Size

1.2MB
Sample

210506-xsaa3lfzxj
MD5

f6dc84a64d99e09993ed396dc2dd5b80
SHA1

e36d570d720afc692a7c3f6e2e8cfac89448a54c
SHA256

0e67ac2d835d51975b1f8cde8ab3eacfa184fd4dad00b83632f214740c0a94c2
SHA512

9b1ef8710707bef6dc625c70514fd692e18d16ba42dcc83f7ecb85ddff5db863826eb8e0618783c3e51cf0ec27f0ede29bee5ad978ced30f7eaec37642d534a6

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu:2177

Targets

- Target
  
  f6dc84a64d99e09993ed396dc2dd5b80.exe
- Size
  
  1.2MB
- MD5
  
  f6dc84a64d99e09993ed396dc2dd5b80
- SHA1
  
  e36d570d720afc692a7c3f6e2e8cfac89448a54c
- SHA256
  
  0e67ac2d835d51975b1f8cde8ab3eacfa184fd4dad00b83632f214740c0a94c2
- SHA512
  
  9b1ef8710707bef6dc625c70514fd692e18d16ba42dcc83f7ecb85ddff5db863826eb8e0618783c3e51cf0ec27f0ede29bee5ad978ced30f7eaec37642d534a6
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat