remcos | 7574f25f46740df528cf48f288b684be1653763e009b4cb359796c2e246a88cf | Triage

Sharing

General

Target

SKBMT_May Statement 00904_.exe
Size

1.1MB
Sample

210511-525n7bwgkj
MD5

e19b56628b57826f061606cd12b169ce
SHA1

35109517afe0684e3286ceab1093df89efe5a5eb
SHA256

7574f25f46740df528cf48f288b684be1653763e009b4cb359796c2e246a88cf
SHA512

1210c2a6813e57a08f260aeb77bada7c59408f64fc06f2c1e9190cdbf12509f9ea2b4c1f502421794b7d8ad91326beb86a784e19507f5d2f707f9fd3152d1eb5

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

103.133.109.176:5456

Targets

- Target
  
  SKBMT_May Statement 00904_.exe
- Size
  
  1.1MB
- MD5
  
  e19b56628b57826f061606cd12b169ce
- SHA1
  
  35109517afe0684e3286ceab1093df89efe5a5eb
- SHA256
  
  7574f25f46740df528cf48f288b684be1653763e009b4cb359796c2e246a88cf
- SHA512
  
  1210c2a6813e57a08f260aeb77bada7c59408f64fc06f2c1e9190cdbf12509f9ea2b4c1f502421794b7d8ad91326beb86a784e19507f5d2f707f9fd3152d1eb5
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2