remcos | 79b485007f44b4d768cfa76af093ba16751d986fbd4053b8328a7dd119198e96 | Triage

Submit
Reports

Overview

overview

Static

static

blank.ps1

windows7_x64

blank.ps1

windows10_x64

Sharing

General

Target

02-04.zip
Size

30KB
Sample

200402-jayshry6wa
MD5

ff1bbb6905fb9a6f46d71d5687927d9e
SHA1

027ee92d6e76de61914ce393df46b2d2460f17e2
SHA256

79b485007f44b4d768cfa76af093ba16751d986fbd4053b8328a7dd119198e96
SHA512

fbb2ab27c67b34d7f8e88e2db4b415e08f6a2e4a03a8a62f04aaf76f91b5a41433aba94d2fa191ba9fbca58ac3d748479ed224f2754611c2520fca530635317e

Score

10^/10

remcos persistence rat spyware

Static task

static1

Behavioral task

behavioral1

Sample

blank.ps1

Resource

win7v200217

remcos persistence rat spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

blank.ps1

Resource

win10v200217

remcos persistence rat spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  blank.ps1
- Size
  
  26B
- MD5
  
  ef623f762ecb5a3d8f2a21b6f36fe827
- SHA1
  
  422c8588283d250dc49141a18f9c9079fa62ecf0
- SHA256
  
  95a0316c3a89e5fb1824447591dfa1c9fa08ea2a06567fb63e923d73838a0596
- SHA512
  
  b11b6510c73f126d4dcb10281111eeb0ab328a713fa5c183230f679cfbeaf41af27b658b734c3334a9cef94667d8d478d41ce54112483a99f332f2f85286b1db
Score

10^/10

remcos persistence rat spyware
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

remcospersistenceratspyware

behavioral2

remcospersistenceratspyware

© 2018-2024

Terms | Privacy