remcos | 572a6a6fa5277c2b4cc040710694d33b2def62ab74e2801893d33e92e7b105af | Triage

Submit
Reports

Overview

overview

Static

static

1

QuotationInvoices.exe

windows7_x64

QuotationInvoices.exe

windows10_x64

Sharing

General

Target

QuotationInvoices.exe
Size

516KB
Sample

210222-hvtvwgjmcx
MD5

9c51e2991c6c9708d783aab030dcc0da
SHA1

64accc9e3f84e7365d8236c580b9644427e3f9e3
SHA256

572a6a6fa5277c2b4cc040710694d33b2def62ab74e2801893d33e92e7b105af
SHA512

c8725d2abba8f2ae1c483d948f2909ff73736e4efa415d6a26f91cf2226431720b13f15868b4177d8b581287a1d41c4c051913a0faf8f95f599f14b5133ab5b0

Score

10^/10

remcos rat

Static task

static1

Behavioral task

behavioral1

Sample

QuotationInvoices.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

QuotationInvoices.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

greatglass.servebeer.com:1961

Targets

- Target
  
  QuotationInvoices.exe
- Size
  
  516KB
- MD5
  
  9c51e2991c6c9708d783aab030dcc0da
- SHA1
  
  64accc9e3f84e7365d8236c580b9644427e3f9e3
- SHA256
  
  572a6a6fa5277c2b4cc040710694d33b2def62ab74e2801893d33e92e7b105af
- SHA512
  
  c8725d2abba8f2ae1c483d948f2909ff73736e4efa415d6a26f91cf2226431720b13f15868b4177d8b581287a1d41c4c051913a0faf8f95f599f14b5133ab5b0
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy