General

  • Target

    Remcos-v5.1.3-Light.zip

  • Size

    38.0MB

  • Sample

    240928-zalezsvern

  • MD5

    d2769271559f3eacc6af0b56cfe6775a

  • SHA1

    e3eacef80852bb8bc693dacd06f63e2842229d13

  • SHA256

    99b7f76b11336a2316fb019b03693e553080262c3cef7f5337ca6fba7cd5a338

  • SHA512

    3850fced6c31951aefd20a13c59a72888bcf302d2c92db124d0a4ac0f0e61f921679ba3c64743afae5ebf4fd460b6fc9005bd26593f76a9be0d42b2928488253

  • SSDEEP

    786432:qrA4FRZGJq5b0n9l6dabMllmxV+SzOBUmTp6OuoPWGAGao4k5UfqEVcXcwO5OxD:qNF6Jq5b0n9lkllmxBwN5uYWT9RqEVcf

Score
10/10

Malware Config

Targets

    • Target

      Remcos v5.1.3 Light.exe

    • Size

      38.4MB

    • MD5

      1a787dacd4ac908241f677303af69d6f

    • SHA1

      fa57edb0b2e21e8a55602cb96809efcfcfee65c1

    • SHA256

      4098c759068a197e9b5236af09fc8344da2d0d8d8a3fd4c17824160b1afea5a0

    • SHA512

      a6d0a770e9c425fa9f28a99e81a4f630c362692b9c4c623963871b2de992f5e10c035e1d23e1e8dbcd729777fa630801bf4998f7d83d245d353470353d71b650

    • SSDEEP

      786432:WIXQNSBAVi1Bs2DuYr3jxkQNk58issVWhJDS3IWgrAfUPE+szJFjU:WIXQgAVi1eQ3jnm8ihADnrAuE3HA

    Score
    10/10

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks