Overview

overview

5

Static

static

3

remcos_RAT_v3.8.0.zip

windows11-21h2-x64

5

remcos_RAT...ro.exe

windows11-21h2-x64

3

remcos_RAT...er.exe

windows11-21h2-x64

5

Sharing

Copy URL Twitter E-mail

General

  • Target

    remcos_RAT_v3.8.0.zip

  • Size

    34.7MB

  • Sample

    240329-s92spacd68

  • MD5

    1de4439e5a26d159936f009550436bc3

  • SHA1

    9f20c2502a540a4a2d59a16c203498f144fe7f40

  • SHA256

    36f0c6f0ce78b489dbd3d04fec70a71cfd1bdde15b21ead0ba75e26832c82288

  • SHA512

    bed2904598d1f31f42e23e382c12a223aca3e5be5c3b50e04699938c7ccb3ef2b8d8aa94efc0d60971bd0e917bf3a04a8df2d616c4ac32100a97602dd6ee592f

  • SSDEEP

    786432:NdOAayyEaWcxK5Xc6E55iejT4vAxyPolbwPLQTtP5fs8gNor:NdfyEaWcx76EnicwPSwkTtCJor

Score
5/10

Malware Config

Targets

    • Target

      remcos_RAT_v3.8.0.zip

    • Size

      34.7MB

    • MD5

      1de4439e5a26d159936f009550436bc3

    • SHA1

      9f20c2502a540a4a2d59a16c203498f144fe7f40

    • SHA256

      36f0c6f0ce78b489dbd3d04fec70a71cfd1bdde15b21ead0ba75e26832c82288

    • SHA512

      bed2904598d1f31f42e23e382c12a223aca3e5be5c3b50e04699938c7ccb3ef2b8d8aa94efc0d60971bd0e917bf3a04a8df2d616c4ac32100a97602dd6ee592f

    • SSDEEP

      786432:NdOAayyEaWcxK5Xc6E55iejT4vAxyPolbwPLQTtP5fs8gNor:NdfyEaWcx76EnicwPSwkTtCJor

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

    • Target

      remcos_RAT_v3.8.0/Remcos v3.8.0 Pro.exe

    • Size

      25.7MB

    • MD5

      95ba79f03a69c939408191d83182d91a

    • SHA1

      41c536c3e8384473c9fc17aa672062205d9804bf

    • SHA256

      7d1613c9f1296cdf11358b72f290abcabda75f6ef3fa2eb6d7b19beccbb7b427

    • SHA512

      8a9e7afb422cb7a3566fd601de07e72dee9b99dd9f99509997a2931ce14cd46ede2f13fd2e85b15d1bede3efb41306bca913668048c8ff4dc5127d57085858f8

    • SSDEEP

      786432:df2IyoaaWSCro/jECYlF0U35Odaz+p2RBLl:df3aaWSCrdCYf0cSpYL

    Score
    3/10
    behavioral2

    • Target

      remcos_RAT_v3.8.0/server/RemcosServer.exe

    • Size

      1.4MB

    • MD5

      0e35405619cd9b28323827878df3ebad

    • SHA1

      38b9cc4b4d660c377153fbd197e4332727bfbc48

    • SHA256

      76d3461c7212330653f71a2b3dd8ee6a091814ea9d50a09e327b4532fb17f2e3

    • SHA512

      633e53185930f07ae8552c5ba2f18fffb4f6d1362982e71b1776f1e68d3cec34114f07ad7e929a130dcb81d6ed3423e39baae16ebeeb8ce6707a4db0af4656b8

    • SSDEEP

      24576:9phoBv+QoAyZWsym3C75A/dwOLAj1li3AWSTP6hBv0OYGmDVpphD9tQrB:9Mv+XJZHymmMddQ103vSTkBv0OYhD7pU

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3

MITRE ATT&CK Matrix

Tasks