remcos | 8b44f1a914d853ce6df51bb8e1971576c34129e2d5408d5670ca84e57260fb48 | Triage

Sharing

General

Target

f9612b2394ab6f23737fe1d3f020e0e1_JaffaCakes118
Size

992KB
Sample

240927-ae8nmsxgqd
MD5

f9612b2394ab6f23737fe1d3f020e0e1
SHA1

1649476b8e42afdf3a08d66e54a63047ae851cbb
SHA256

8b44f1a914d853ce6df51bb8e1971576c34129e2d5408d5670ca84e57260fb48
SHA512

09a2036afa78fabef7035fb105e780478984ecbf3cfe6f20eb5ff89d74c419b339f6238e10e8ae30095e9aca1bbc0d3d9842d7204f67b597e440ac60e328da3a
SSDEEP

12288:yQodBdt1J9hgwl4LLdTalhRtfi01U5RSrfZb4L0wACWKcT:yQQDOL1WhHfXavS7V4YwACC

Score

10^/10

remcos discovery persistence rat

Malware Config

Targets

- Target
  
  f9612b2394ab6f23737fe1d3f020e0e1_JaffaCakes118
- Size
  
  992KB
- MD5
  
  f9612b2394ab6f23737fe1d3f020e0e1
- SHA1
  
  1649476b8e42afdf3a08d66e54a63047ae851cbb
- SHA256
  
  8b44f1a914d853ce6df51bb8e1971576c34129e2d5408d5670ca84e57260fb48
- SHA512
  
  09a2036afa78fabef7035fb105e780478984ecbf3cfe6f20eb5ff89d74c419b339f6238e10e8ae30095e9aca1bbc0d3d9842d7204f67b597e440ac60e328da3a
- SSDEEP
  
  12288:yQodBdt1J9hgwl4LLdTalhRtfi01U5RSrfZb4L0wACWKcT:yQQDOL1WhHfXavS7V4YwACC
Score

10^/10

remcos discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosdiscoverypersistencerat

behavioral2

remcosdiscoverypersistencerat