remcos | 3a8c27f88bf9c7e9eba822bffde5b96c11bc45fdcf55d6fc5daf9eeab45e3016 | Triage

Sharing

General

Target

5b67f0e2488e94ba4107d6a4504e8cb2_JaffaCakes118
Size

593KB
Sample

241019-ht553atanc
MD5

5b67f0e2488e94ba4107d6a4504e8cb2
SHA1

98c97ea27f366015ecacff18ecbcbb665966dfdd
SHA256

3a8c27f88bf9c7e9eba822bffde5b96c11bc45fdcf55d6fc5daf9eeab45e3016
SHA512

f5f6a740922e06e5725b578a66371d2978d926d58758febcd686e8d52fb1936d6f9f775f03b336a44367e419ec349d9996e430a833fe487b31ca60d01c6fc35d
SSDEEP

6144:uFRBJwLVLYli0ZdbCbN3wirEsKrUimDpxg2ZdeJZk:CRKVLei0PiAEyRKg2ZdeJ

Score

10^/10

remcos discovery rat

Malware Config

Targets

- Target
  
  5b67f0e2488e94ba4107d6a4504e8cb2_JaffaCakes118
- Size
  
  593KB
- MD5
  
  5b67f0e2488e94ba4107d6a4504e8cb2
- SHA1
  
  98c97ea27f366015ecacff18ecbcbb665966dfdd
- SHA256
  
  3a8c27f88bf9c7e9eba822bffde5b96c11bc45fdcf55d6fc5daf9eeab45e3016
- SHA512
  
  f5f6a740922e06e5725b578a66371d2978d926d58758febcd686e8d52fb1936d6f9f775f03b336a44367e419ec349d9996e430a833fe487b31ca60d01c6fc35d
- SSDEEP
  
  6144:uFRBJwLVLYli0ZdbCbN3wirEsKrUimDpxg2ZdeJZk:CRKVLei0PiAEyRKg2ZdeJ
Score

10^/10

remcos discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosdiscoveryrat

behavioral2

remcosdiscoveryrat