Extracted

Extracted

• • Target

    SC__TR1160049907.js

  • Size

    84KB

  • MD5

    dff301df2596bec9d7e48c740d78292e

  • SHA1

    9121cae742a8c8d38d8a87ba94d28bcfd8c40eb6

  • SHA256

    587201f98c6d3aac49ba4637ecab3e1fcacb4a276f4528a123e6e64bce9fb30d

  • SHA512

    d827d8a7f950c9884839a9d3d7588d77865cb542ba8b0e4901ad820ab9a79b941ac505ef37948a4dc504bde6248216e38c95cf54db45d8c6627efcb239c94882

  • SSDEEP

    384:HZB5abdZB5abtZB5abdZB5abozZB5abtZB5abdZB5ab8ZB5abtZB5abdZB5ab3ZG:8Vl

  Score

  10^/10

  executionremcosooddiscoveryrat

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos

  • Remcos family

    remcos

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2