remcos | 45f3e6d6f40de19bca584dfafdfac7a3f5fb9b481717a0997d9f9c2d78d58fad

Analysis

Target

MV GENCO RESOLUTE VOY 1.exe
Size

708KB
MD5

84a0c62e8cf9fa26ca0d446d8883cf20
SHA1

dbae83dda1b3f3112fad3d443d36181c3161362c
SHA256

45f3e6d6f40de19bca584dfafdfac7a3f5fb9b481717a0997d9f9c2d78d58fad
SHA512

9e94fe6bc3eee91d0a08339ea11e6ea2cae2e6f74a1acc2404e783f8728eb8404f2352690588a7d0bc97d102ba7ec05d86f7c1a8c34b2c0b052ea90d296bde21

Score

10^/10

remcos rat

Family

remcos

185.244.26.244:5888

10.26.244.6:5888

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos
Suspicious use of SetThreadContext 1 IoCs

Processes:

MV GENCO RESOLUTE VOY 1.exe

description pid process target process

PID 784 set thread context of 2132 784 MV GENCO RESOLUTE VOY 1.exe MV GENCO RESOLUTE VOY 1.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MV GENCO RESOLUTE VOY 1.exe

pid process

2132 MV GENCO RESOLUTE VOY 1.exe

description	pid	process	target process
PID 784 set thread context of 2132	784	MV GENCO RESOLUTE VOY 1.exe	MV GENCO RESOLUTE VOY 1.exe

pid	process
2132	MV GENCO RESOLUTE VOY 1.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

MV GENCO RESOLUTE VOY 1.exe

description	pid	process	target process
PID 784 wrote to memory of 2132	784	MV GENCO RESOLUTE VOY 1.exe	MV GENCO RESOLUTE VOY 1.exe
PID 784 wrote to memory of 2132	784	MV GENCO RESOLUTE VOY 1.exe	MV GENCO RESOLUTE VOY 1.exe
PID 784 wrote to memory of 2132	784	MV GENCO RESOLUTE VOY 1.exe	MV GENCO RESOLUTE VOY 1.exe
PID 784 wrote to memory of 2132	784	MV GENCO RESOLUTE VOY 1.exe	MV GENCO RESOLUTE VOY 1.exe
PID 784 wrote to memory of 2132	784	MV GENCO RESOLUTE VOY 1.exe	MV GENCO RESOLUTE VOY 1.exe
PID 784 wrote to memory of 2132	784	MV GENCO RESOLUTE VOY 1.exe	MV GENCO RESOLUTE VOY 1.exe
PID 784 wrote to memory of 2132	784	MV GENCO RESOLUTE VOY 1.exe	MV GENCO RESOLUTE VOY 1.exe
PID 784 wrote to memory of 2132	784	MV GENCO RESOLUTE VOY 1.exe	MV GENCO RESOLUTE VOY 1.exe
PID 784 wrote to memory of 2132	784	MV GENCO RESOLUTE VOY 1.exe	MV GENCO RESOLUTE VOY 1.exe

C:\Users\Admin\AppData\Local\Temp\MV GENCO RESOLUTE VOY 1.exe
"{path}"
2⤵
- Suspicious use of SetWindowsHookEx
PID:2132

memory/784-114-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download
memory/784-116-0x00000000052B0000-0x00000000052B1000-memory.dmp

Filesize
4KB

Download
memory/784-117-0x0000000004DB0000-0x0000000004DB1000-memory.dmp

Filesize
4KB

Download
memory/784-118-0x0000000004D90000-0x0000000004D91000-memory.dmp

Filesize
4KB

Download
memory/784-119-0x0000000004D50000-0x0000000004D51000-memory.dmp

Filesize
4KB

Download
memory/784-120-0x00000000082F0000-0x00000000082F1000-memory.dmp

Filesize
4KB

Download
memory/784-121-0x0000000004FD0000-0x0000000004FDE000-memory.dmp

Filesize
56KB

Download
memory/784-122-0x0000000008490000-0x000000000850C000-memory.dmp

Filesize
496KB

Download
memory/784-123-0x000000000ABE0000-0x000000000AC0D000-memory.dmp

Filesize
180KB

Download
memory/2132-124-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2132-125-0x000000000040FD88-mapping.dmp

Download
memory/2132-126-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download