remcos | 05670a811b8c90ad974d9e79403b3f07bec20b9a091e3b65ee1bb1f5924e81b3 | Triage

Sharing

General

Target

05670a811b8c90ad974d9e79403b3f07bec20b9a091e3b65ee1bb1f5924e81b3
Size

1.1MB
Sample

210509-4msh6r6ymx
MD5

8563efd7d9f4f0d2d1055e21805ff010
SHA1

0d5131eb0ea2d8e2d5a593279012bdeac738a1a5
SHA256

05670a811b8c90ad974d9e79403b3f07bec20b9a091e3b65ee1bb1f5924e81b3
SHA512

80ac7939a67de6ec3586d1e16751f6c75f811002769f48dab77e1ebeab4e2a2a0625a9a0895c7077f90f54af87f2b94c4b51fc01893169efe529ccad5e6595b6

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

daya4659.ddns.net:8282

Targets

- Target
  
  05670a811b8c90ad974d9e79403b3f07bec20b9a091e3b65ee1bb1f5924e81b3
- Size
  
  1.1MB
- MD5
  
  8563efd7d9f4f0d2d1055e21805ff010
- SHA1
  
  0d5131eb0ea2d8e2d5a593279012bdeac738a1a5
- SHA256
  
  05670a811b8c90ad974d9e79403b3f07bec20b9a091e3b65ee1bb1f5924e81b3
- SHA512
  
  80ac7939a67de6ec3586d1e16751f6c75f811002769f48dab77e1ebeab4e2a2a0625a9a0895c7077f90f54af87f2b94c4b51fc01893169efe529ccad5e6595b6
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat