remcos | 0067d9cf4d9131ab11d22ddf62e2aeccd4a8742d216cbc28af7da09739db87f9 | Triage

Submit
Reports

Overview

overview

Static

static

0067d9cf4d...f9.exe

windows7_x64

0067d9cf4d...f9.exe

windows10_x64

Sharing

General

Target

0067d9cf4d9131ab11d22ddf62e2aeccd4a8742d216cbc28af7da09739db87f9
Size

994KB
Sample

210511-2l6x6s6rz2
MD5

e7fb36c4654d8db22d0daf11792b1e10
SHA1

1434f15e02b240ee6e08d53ea65548d10d4b97d7
SHA256

0067d9cf4d9131ab11d22ddf62e2aeccd4a8742d216cbc28af7da09739db87f9
SHA512

21adf2de5c91bf9cfa6ec2eb8c1e2ffbba362c24cfeb23d5e29213f5537457e7f94a697214c5059597b2a51f0257c39cdc9d49344c0e12a5012f730f8a1b7150

Score

10^/10

remcos rat

Static task

static1

Behavioral task

behavioral1

Sample

0067d9cf4d9131ab11d22ddf62e2aeccd4a8742d216cbc28af7da09739db87f9.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0067d9cf4d9131ab11d22ddf62e2aeccd4a8742d216cbc28af7da09739db87f9.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

rem-pounds.ddns.net:9970

Targets

- Target
  
  0067d9cf4d9131ab11d22ddf62e2aeccd4a8742d216cbc28af7da09739db87f9
- Size
  
  994KB
- MD5
  
  e7fb36c4654d8db22d0daf11792b1e10
- SHA1
  
  1434f15e02b240ee6e08d53ea65548d10d4b97d7
- SHA256
  
  0067d9cf4d9131ab11d22ddf62e2aeccd4a8742d216cbc28af7da09739db87f9
- SHA512
  
  21adf2de5c91bf9cfa6ec2eb8c1e2ffbba362c24cfeb23d5e29213f5537457e7f94a697214c5059597b2a51f0257c39cdc9d49344c0e12a5012f730f8a1b7150
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy