remcos | 8e51354c8b2f461ab0cfb92409bc45bf4e06ae244080513e2d6224dc22f47771 | Triage

Submit
Reports

Overview

overview

Static

static

1

Request fo...on.exe

windows7_x64

Request fo...on.exe

windows10_x64

Sharing

General

Target

Request for Quotation.exe
Size

241KB
Sample

210223-nzxy42x2fn
MD5

ae4bd6c5a7eaa50704d43d6054fc5dbd
SHA1

ab597cfc0433999f2032c56fe2c9e17081bcab46
SHA256

8e51354c8b2f461ab0cfb92409bc45bf4e06ae244080513e2d6224dc22f47771
SHA512

b7b0b772a5e9e969f3d5389c1c12f053a5b3a7aa774fffa3a2dac8903df09a2a6b9d242a4f1fb63602d7581226ec647be44139d27aacd82dbec6242bcd3bab43

Score

10^/10

remcos rat spyware

Static task

static1

Behavioral task

behavioral1

Sample

Request for Quotation.exe

Resource

win7v20201028

remcos rat spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Request for Quotation.exe

Resource

win10v20201028

remcos rat spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

103.89.88.238:4299

Targets

- Target
  
  Request for Quotation.exe
- Size
  
  241KB
- MD5
  
  ae4bd6c5a7eaa50704d43d6054fc5dbd
- SHA1
  
  ab597cfc0433999f2032c56fe2c9e17081bcab46
- SHA256
  
  8e51354c8b2f461ab0cfb92409bc45bf4e06ae244080513e2d6224dc22f47771
- SHA512
  
  b7b0b772a5e9e969f3d5389c1c12f053a5b3a7aa774fffa3a2dac8903df09a2a6b9d242a4f1fb63602d7581226ec647be44139d27aacd82dbec6242bcd3bab43
Score

10^/10

remcos rat spyware
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

remcosratspyware

behavioral2

remcosratspyware

© 2018-2024

Terms | Privacy