remcos | 01d75f2dd7d3a8df8ec45ace0c433de4e9042c84773cb94952dcdaa91de53d4c | Triage

Sharing

General

Target

c1c791572f2440f415e9757916fa150d_JaffaCakes118
Size

216KB
Sample

240825-24axfszhkf
MD5

c1c791572f2440f415e9757916fa150d
SHA1

6e387c7a76fabf10a92b6071168c7d468187aa86
SHA256

01d75f2dd7d3a8df8ec45ace0c433de4e9042c84773cb94952dcdaa91de53d4c
SHA512

8474b11632ea519884fcb2b4443de49bacf69ce518873446a24b9004a5491cfdc9ee0e17ee1b3302982638e2c24bfa15d7a750668188883883414c0256c52f39
SSDEEP

3072:QV9eu1yGj0XflzGHvvc8rPft2OalIrzR0lXV80/wDbR7csTEfiL:yefGmfdGHz4Oo4GXV804D9csw

Score

10^/10

remcos discovery persistence rat

Malware Config

Targets

- Target
  
  c1c791572f2440f415e9757916fa150d_JaffaCakes118
- Size
  
  216KB
- MD5
  
  c1c791572f2440f415e9757916fa150d
- SHA1
  
  6e387c7a76fabf10a92b6071168c7d468187aa86
- SHA256
  
  01d75f2dd7d3a8df8ec45ace0c433de4e9042c84773cb94952dcdaa91de53d4c
- SHA512
  
  8474b11632ea519884fcb2b4443de49bacf69ce518873446a24b9004a5491cfdc9ee0e17ee1b3302982638e2c24bfa15d7a750668188883883414c0256c52f39
- SSDEEP
  
  3072:QV9eu1yGj0XflzGHvvc8rPft2OalIrzR0lXV80/wDbR7csTEfiL:yefGmfdGHz4Oo4GXV804D9csw
Score

10^/10

remcos discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosdiscoverypersistencerat

behavioral2

remcosdiscoverypersistencerat