remcos | 5da1af6e9a9f3118879eedf865cb939711cc9302c12d1d515d2c034428d14f2d | Triage

Sharing

General

Target

5da1af6e9a9f3118879eedf865cb939711cc9302c12d1d515d2c034428d14f2d
Size

1.1MB
Sample

210509-45lnp2e73a
MD5

25fb2cb30a5483591c4c7fb0fc941e39
SHA1

39e4c66cc4d4d30d4676ea03f0465711761a69ed
SHA256

5da1af6e9a9f3118879eedf865cb939711cc9302c12d1d515d2c034428d14f2d
SHA512

27ddff6651dba3528624536b6f26bb98834604edadd041414397d70cb8d982bb302a1dc03b7ae87102051a2aa1187d85f4862eca180d3dae03092fb2384e9d8b

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

daya4659.ddns.net:8282

Targets

- Target
  
  5da1af6e9a9f3118879eedf865cb939711cc9302c12d1d515d2c034428d14f2d
- Size
  
  1.1MB
- MD5
  
  25fb2cb30a5483591c4c7fb0fc941e39
- SHA1
  
  39e4c66cc4d4d30d4676ea03f0465711761a69ed
- SHA256
  
  5da1af6e9a9f3118879eedf865cb939711cc9302c12d1d515d2c034428d14f2d
- SHA512
  
  27ddff6651dba3528624536b6f26bb98834604edadd041414397d70cb8d982bb302a1dc03b7ae87102051a2aa1187d85f4862eca180d3dae03092fb2384e9d8b
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat