remcos | 98e5d25243d03b80cc83c955796c42b39f308f55102a9ec01d0f308e06b4cfa9 | Triage

Submit
Reports

Overview

overview

Static

static

Statement ...21.exe

windows7_x64

Statement ...21.exe

windows10_x64

Sharing

General

Target

Statement of Account April-2021.exe
Size

1.4MB
Sample

210507-nn6hg6lvk2
MD5

384e5af70000fb658251d79ddf8e8878
SHA1

a2bafce0284f457eafd3dcbed73adeb84ed762df
SHA256

98e5d25243d03b80cc83c955796c42b39f308f55102a9ec01d0f308e06b4cfa9
SHA512

28ebd09467fa0781dc3c8a33ea24cb642ecfbcd56fd859c74590773147a45861752446501afc83e441d90507509de4b2b707a5e9b96531ae3a0358ed1ec76e9a

Score

10^/10

remcos agilenet rat

Static task

static1

Behavioral task

behavioral1

Sample

Statement of Account April-2021.exe

Resource

win7v20210410

remcos agilenet rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Statement of Account April-2021.exe

Resource

win10v20210408

remcos agilenet rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

45.137.22.107:5888

Targets

- Target
  
  Statement of Account April-2021.exe
- Size
  
  1.4MB
- MD5
  
  384e5af70000fb658251d79ddf8e8878
- SHA1
  
  a2bafce0284f457eafd3dcbed73adeb84ed762df
- SHA256
  
  98e5d25243d03b80cc83c955796c42b39f308f55102a9ec01d0f308e06b4cfa9
- SHA512
  
  28ebd09467fa0781dc3c8a33ea24cb642ecfbcd56fd859c74590773147a45861752446501afc83e441d90507509de4b2b707a5e9b96531ae3a0358ed1ec76e9a
Score

10^/10

remcos agilenet rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcosagilenetrat

behavioral2

remcosagilenetrat

© 2018-2024

Terms | Privacy