remcos | ab3664826fd52fb8a96e93195e6ec7be1eeade44a1449781c19762f7d75e03ef | Triage

Sharing

General

Target

21102024_1627_18102024_AgotechZamwienieFjeldkammes3255452355623.7z
Size

3KB
Sample

241021-t3b45a1cqp
MD5

ac7b5188aff17eff7ce79ac4915a377e
SHA1

c8943283222727d85fa35e1230e5b19f8567b394
SHA256

ab3664826fd52fb8a96e93195e6ec7be1eeade44a1449781c19762f7d75e03ef
SHA512

d2dbf2addeacbec3e3b417f1c6a195dbcc4c90d9c59a3e53912715c8e28e58b207c04c71e44f603e0db520e3eddd013802498613197690d83404c6fdd139c06a

Score

10^/10

remcos discovery execution persistence rat

Malware Config

Targets

- Target
  
  Agotech Zamówienie Fjeldkammes3255452355623.bat
- Size
  
  5KB
- MD5
  
  e02abcc5bd232cd46f3d8a1912495918
- SHA1
  
  3ec09ab91cbfa9f7096fa747140993aab5db34c7
- SHA256
  
  f3e046a7769b9c977053dd32ebc1b0e1bbfe3c61789d2b8d54e51083c3d0bed5
- SHA512
  
  0e9225a1ebba97d8285dcd0898130e643c04dde0a8d14cc9174725c5e499858f30dad328c3a9f7e1a603a9289d93e423d07c3781e79d9cbda17165bfd3653588
- SSDEEP
  
  96:Hmm6vbLh3FiLig/kNfHAtg2+ul0mEI+fUe0KscOaENGvln40kg6FbBngs:TQHh3FuufNul0e+f4KsNwO06vngs
Score

10^/10

remcos discovery execution persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Time Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosdiscoveryexecutionpersistencerat

behavioral2

remcosdiscoveryexecutionpersistencerat