remcos | 1bd0cc700ba7ddeaf51343b1d5b97978447e8505adcfd39b55dee817a00ec154 | Triage

Sharing

General

Target

1bd0cc700ba7ddeaf51343b1d5b97978447e8505adcfd39b55dee817a00ec154
Size

1.1MB
Sample

210509-7a1w9t62kn
MD5

46e3eb41efecdaa9fcdbe0ba5c693e56
SHA1

beddb3fe106a6edea9f8377bb698119b8947e3b3
SHA256

1bd0cc700ba7ddeaf51343b1d5b97978447e8505adcfd39b55dee817a00ec154
SHA512

701795e1a1e549a6a6982df796b32c112c52f661efea53bb1e1f35164880b6073d0470ebd36931dc567deabe7efe6af558f48a1ad8c3029fac7eb7cdb197fbd3

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

daya4659.ddns.net:8282

Targets

- Target
  
  1bd0cc700ba7ddeaf51343b1d5b97978447e8505adcfd39b55dee817a00ec154
- Size
  
  1.1MB
- MD5
  
  46e3eb41efecdaa9fcdbe0ba5c693e56
- SHA1
  
  beddb3fe106a6edea9f8377bb698119b8947e3b3
- SHA256
  
  1bd0cc700ba7ddeaf51343b1d5b97978447e8505adcfd39b55dee817a00ec154
- SHA512
  
  701795e1a1e549a6a6982df796b32c112c52f661efea53bb1e1f35164880b6073d0470ebd36931dc567deabe7efe6af558f48a1ad8c3029fac7eb7cdb197fbd3
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat