remcos | 954fb1de84898cdaeacaf0c48a252497884888ac9b11347f1428bb543689e8c2 | Triage

Submit
Reports

Overview

overview

Static

static

c446746efb...18.rtf

windows7-x64

c446746efb...18.rtf

windows10-2004-x64

4

Sharing

General

Target

c446746efb2f1adcbfa66f98fa4b5dca_JaffaCakes118
Size

773KB
Sample

240827-dy98cszhpd
MD5

c446746efb2f1adcbfa66f98fa4b5dca
SHA1

20f57f4eb6cf358af82cbc4bb18433063b6f263e
SHA256

954fb1de84898cdaeacaf0c48a252497884888ac9b11347f1428bb543689e8c2
SHA512

030cc485d8033c21a194a103d214ea1d4438360fb1aee194c2845464a245ca7449bd6e994cc443faa0d6685bbfdae261e5a0069dc1daa65d206b355ba307875b
SSDEEP

12288:CxrQXRas40+CzMfUdokNlaJPSFOSdbrAC:Cx8Bar0lCzJaIYbrAC

Score

10^/10

remcos defense_evasion discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c446746efb2f1adcbfa66f98fa4b5dca_JaffaCakes118.rtf

Resource

win7-20240704-en

remcos defense_evasion discovery rat

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

c446746efb2f1adcbfa66f98fa4b5dca_JaffaCakes118.rtf

Resource

win10v2004-20240802-en

defense_evasion

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  c446746efb2f1adcbfa66f98fa4b5dca_JaffaCakes118
- Size
  
  773KB
- MD5
  
  c446746efb2f1adcbfa66f98fa4b5dca
- SHA1
  
  20f57f4eb6cf358af82cbc4bb18433063b6f263e
- SHA256
  
  954fb1de84898cdaeacaf0c48a252497884888ac9b11347f1428bb543689e8c2
- SHA512
  
  030cc485d8033c21a194a103d214ea1d4438360fb1aee194c2845464a245ca7449bd6e994cc443faa0d6685bbfdae261e5a0069dc1daa65d206b355ba307875b
- SSDEEP
  
  12288:CxrQXRas40+CzMfUdokNlaJPSFOSdbrAC:Cx8Bar0lCzJaIYbrAC
Score

10^/10

remcos defense_evasion discovery rat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosdefense_evasiondiscoveryrat

behavioral2

defense_evasion

© 2018-2025

Terms | Privacy