remcos | 3b69867aabd0912ec4d46c50f059d60fe8a541f4b18a0bca5eac711e921cb00b | Triage

Sharing

General

Target

d3783d6b9ffaa2f440e4249b7d910867_JaffaCakes118
Size

138KB
Sample

240908-ec33lawenb
MD5

d3783d6b9ffaa2f440e4249b7d910867
SHA1

bd69cb0a5c9705f0c6aeacb79bc52f6ec3803771
SHA256

3b69867aabd0912ec4d46c50f059d60fe8a541f4b18a0bca5eac711e921cb00b
SHA512

11f5589160af4f6817ccb23fca9c4e6e936c5e8fe8c3ad86314d7f5b8e33610350764bf8ed79e9f3134b5441b5b1b8b2accff03761be2014b0271fc1c5589efe
SSDEEP

3072:ZU3RZlnfF8xGdaegugZm4t1FEMxFFS+bJ4zsUCjNaR1VgBlFJfAYMout:EZlnfF8xWzgZDt15FF3N42jxlFJCoS

Score

10^/10

remcos discovery persistence rat

Malware Config

Targets

- Target
  
  d3783d6b9ffaa2f440e4249b7d910867_JaffaCakes118
- Size
  
  138KB
- MD5
  
  d3783d6b9ffaa2f440e4249b7d910867
- SHA1
  
  bd69cb0a5c9705f0c6aeacb79bc52f6ec3803771
- SHA256
  
  3b69867aabd0912ec4d46c50f059d60fe8a541f4b18a0bca5eac711e921cb00b
- SHA512
  
  11f5589160af4f6817ccb23fca9c4e6e936c5e8fe8c3ad86314d7f5b8e33610350764bf8ed79e9f3134b5441b5b1b8b2accff03761be2014b0271fc1c5589efe
- SSDEEP
  
  3072:ZU3RZlnfF8xGdaegugZm4t1FEMxFFS+bJ4zsUCjNaR1VgBlFJfAYMout:EZlnfF8xWzgZDt15FF3N42jxlFJCoS
Score

10^/10

remcos discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosdiscoverypersistencerat

behavioral2

remcosdiscoverypersistencerat