remcos | dead951d2f64b0650ac6595bf2b001fb0225a419dd6ccafbcd7b218cd57395b4 | Triage

Submit
Reports

Overview

overview

Static

static

1

a3de4818a9...18.rtf

windows7-x64

a3de4818a9...18.rtf

windows10-2004-x64

1

Sharing

General

Target

a3de4818a93def342e842faa722a1b11_JaffaCakes118
Size

1.7MB
Sample

240613-fesv3sybpr
MD5

a3de4818a93def342e842faa722a1b11
SHA1

19fb15a474d52b3e26015f163cc0f898a8b58d95
SHA256

dead951d2f64b0650ac6595bf2b001fb0225a419dd6ccafbcd7b218cd57395b4
SHA512

f5b95f1aae419b4f6ef93a1892689fe1a07e20fb9a4a7e6a549a0cb49edd867cae9d2e83b0c8efc77a05f614531c1474d49c7abc6ac1f9349c008412a103cd3f
SSDEEP

6144:2gEeVGcekWGDBVrqDnP2pm4rkna2L0BekWGDBVrqDnP2pm4rkna2L0+OaYckQXOa:2gLrYUrYArsXFuvlvPHxkYm0f+VQkb

Score

10^/10

remcos persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

a3de4818a93def342e842faa722a1b11_JaffaCakes118.rtf

Resource

win7-20240220-en

remcos persistence rat

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

a3de4818a93def342e842faa722a1b11_JaffaCakes118.rtf

Resource

win10v2004-20240611-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  a3de4818a93def342e842faa722a1b11_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  a3de4818a93def342e842faa722a1b11
- SHA1
  
  19fb15a474d52b3e26015f163cc0f898a8b58d95
- SHA256
  
  dead951d2f64b0650ac6595bf2b001fb0225a419dd6ccafbcd7b218cd57395b4
- SHA512
  
  f5b95f1aae419b4f6ef93a1892689fe1a07e20fb9a4a7e6a549a0cb49edd867cae9d2e83b0c8efc77a05f614531c1474d49c7abc6ac1f9349c008412a103cd3f
- SSDEEP
  
  6144:2gEeVGcekWGDBVrqDnP2pm4rkna2L0BekWGDBVrqDnP2pm4rkna2L0+OaYckQXOa:2gLrYUrYArsXFuvlvPHxkYm0f+VQkb
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

© 2018-2025

Terms | Privacy