remcos | 706ea002a1347263e15b09b2f67c2dc9157c0e2b339352ff4ec4430f52ffd85e | Triage

Sharing

General

Target

test - Kopie.bat
Size

861B
Sample

241124-ndzk8sxjgv
MD5

f87031970e569760e8d221b726a4c679
SHA1

f2b149768f61329bf32221eb7dd5c99313eee085
SHA256

706ea002a1347263e15b09b2f67c2dc9157c0e2b339352ff4ec4430f52ffd85e
SHA512

3f135dd61288c3def67c0a5b3f3ba46cc9c0820c776335f437f85b81810b574ef759600dbfd6794f78624782e1fbe726e7d810f6609f0e7f206540e5c79a285f

Score

10^/10

remcos execution rat

Malware Config

Targets

- Target
  
  test - Kopie.bat
- Size
  
  861B
- MD5
  
  f87031970e569760e8d221b726a4c679
- SHA1
  
  f2b149768f61329bf32221eb7dd5c99313eee085
- SHA256
  
  706ea002a1347263e15b09b2f67c2dc9157c0e2b339352ff4ec4430f52ffd85e
- SHA512
  
  3f135dd61288c3def67c0a5b3f3ba46cc9c0820c776335f437f85b81810b574ef759600dbfd6794f78624782e1fbe726e7d810f6609f0e7f206540e5c79a285f
Score

10^/10

remcos execution rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosexecutionrat

behavioral2

remcosexecutionrat