remcos | 3f6667a5066146062d2d6f8411a39c58cce7a2e4d134048214b8e8ff95a6ee9b | Triage

Sharing

General

Target

d59f0a2c4b7e9fa01db5ed135b8978f4_JaffaCakes118
Size

139KB
Sample

241208-gxypqazrbn
MD5

d59f0a2c4b7e9fa01db5ed135b8978f4
SHA1

77417cfd36352a4bd7c72b0f37dbb862ba078394
SHA256

3f6667a5066146062d2d6f8411a39c58cce7a2e4d134048214b8e8ff95a6ee9b
SHA512

06adc76092fd8f8e8729a3470923972409b6cc2c5981c6d70e15a1924aae2c6f91937added57abc47e1737130475093331f029c89813640ee3e17028782f36ee
SSDEEP

3072:IeGN16W08xloDw63ZP+ro1aABVOih9v4cbAh:F73ZgcaArOibQ7h

Score

10^/10

remcos discovery rat

Malware Config

Targets

- Target
  
  20180622.exe
- Size
  
  236KB
- MD5
  
  766b9a9fa159679fdf6890835040d1b6
- SHA1
  
  e2557ef24c7f6b90f12a3999935de2ec1623cef6
- SHA256
  
  3213df437d54f9cf84c34004a8be9e351dbd9e1d476652f7ec6367033b75b624
- SHA512
  
  ec278453e55001193f1a716e973564043f33039d342f6d8d93f1727edd380d2189fd207e06ed29e6ea69c15f3757705db8316c480ba7d026dd6bc86a91209d8d
- SSDEEP
  
  3072:SATwwivXqxK29jPpcw+eGGs0S/p9KjLfOwlapM5Q3hfyziIv:S16v9jBj+eb1daaaRyzp
Score

10^/10

remcos discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosdiscoveryrat

behavioral2

remcosdiscoveryrat