remcos | 66df6a842e1d121f873b546d2d34fad685deb244a6efb61ca74c0c84aadb4ddc | Triage

Sharing

General

Target

d21dea022455f3d5155dd1ede7283fa6_JaffaCakes118
Size

196KB
Sample

240907-rgyd5azdmf
MD5

d21dea022455f3d5155dd1ede7283fa6
SHA1

eca7ccf0ce4d9d0022e680587ce0937c16a98dc7
SHA256

66df6a842e1d121f873b546d2d34fad685deb244a6efb61ca74c0c84aadb4ddc
SHA512

26b900d0dc73e1ccec8228814876a4e24c7a0463c939fd47d0b1079acbc6edbc7f696086793c92c9565c184e99b179173049ec1189103f64b47cae0b3315b6bb
SSDEEP

3072:3wSfgKS7UOZHlwbH7IJRszJo1htAziNUDQcR96ATD6HZ6y:3542ORlwIsMhtSiNUBP/ON

Score

10^/10

remcos discovery persistence rat

Malware Config

Targets

- Target
  
  d21dea022455f3d5155dd1ede7283fa6_JaffaCakes118
- Size
  
  196KB
- MD5
  
  d21dea022455f3d5155dd1ede7283fa6
- SHA1
  
  eca7ccf0ce4d9d0022e680587ce0937c16a98dc7
- SHA256
  
  66df6a842e1d121f873b546d2d34fad685deb244a6efb61ca74c0c84aadb4ddc
- SHA512
  
  26b900d0dc73e1ccec8228814876a4e24c7a0463c939fd47d0b1079acbc6edbc7f696086793c92c9565c184e99b179173049ec1189103f64b47cae0b3315b6bb
- SSDEEP
  
  3072:3wSfgKS7UOZHlwbH7IJRszJo1htAziNUDQcR96ATD6HZ6y:3542ORlwIsMhtSiNUBP/ON
Score

10^/10

remcos discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosdiscoverypersistencerat

behavioral2

remcosdiscoverypersistencerat