Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Remcos, RemcosRAT | Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity. |
|
|
AV Detection |
---|
Source: |
Avira: |
Source: |
URL Reputation: |
||
Source: |
URL Reputation: |
||
Source: |
Avira URL Cloud: |
Source: |
Malware Configuration Extractor: |
Source: |
ReversingLabs: |
|||
Source: |
Virustotal: |
Perma Link |
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
Source: |
Joe Sandbox ML: |
||
Source: |
Joe Sandbox ML: |
Source: |
Code function: |
17_2_00433837 |
Source: |
Binary or memory string: |
memstr_64e20cd0-e |
Exploits |
---|
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
Source: |
Network connect: |
Jump to behavior |
Source: |
Process created: |
|||
Source: |
Process created: |
Jump to behavior |
Source: |
Process created: |
Privilege Escalation |
---|
Source: |
Code function: |
17_2_004074FD |
Source: |
Directory created: |
Jump to behavior | ||
Source: |
Directory created: |
Jump to behavior | ||
Source: |
Directory created: |
Jump to behavior |
Source: |
File opened: |
Jump to behavior |
Source: |
Binary string: |
Source: |
Code function: |
3_2_0027DBBE | |
Source: |
Code function: |
3_2_0024C2A2 | |
Source: |
Code function: |
3_2_002868EE | |
Source: |
Code function: |
3_2_0028698F | |
Source: |
Code function: |
3_2_0027D076 | |
Source: |
Code function: |
3_2_0027D3A9 | |
Source: |
Code function: |
3_2_00289642 | |
Source: |
Code function: |
3_2_0028979D | |
Source: |
Code function: |
16_2_010EDBBE | |
Source: |
Code function: |
16_2_010BC2A2 | |
Source: |
Code function: |
16_2_010F698F | |
Source: |
Code function: |
16_2_010F68EE | |
Source: |
Code function: |
16_2_010ED076 | |
Source: |
Code function: |
16_2_010ED3A9 | |
Source: |
Code function: |
16_2_010F979D | |
Source: |
Code function: |
16_2_010F9642 | |
Source: |
Code function: |
16_2_010F9B2B | |
Source: |
Code function: |
16_2_010F5C97 | |
Source: |
Code function: |
17_2_00409253 | |
Source: |
Code function: |
17_2_0041C291 | |
Source: |
Code function: |
17_2_0040C34D | |
Source: |
Code function: |
17_2_00409665 | |
Source: |
Code function: |
17_2_0044E879 | |
Source: |
Code function: |
17_2_0040880C | |
Source: |
Code function: |
17_2_0040783C | |
Source: |
Code function: |
17_2_00419AF5 | |
Source: |
Code function: |
17_2_0040BB30 | |
Source: |
Code function: |
17_2_0040BD37 | |
Source: |
Code function: |
17_2_100010F1 | |
Source: |
Code function: |
17_2_10006580 |
Source: |
Code function: |
17_2_00407C97 |
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior |
Software Vulnerabilities |
---|
Source: |
Process created: |
Source: |
Code function: |
2_2_0350055E | |
Source: |
Code function: |
2_2_0350045F | |
Source: |
Code function: |
2_2_035004F6 | |
Source: |
Code function: |
2_2_035005E9 | |
Source: |
Code function: |
2_2_03500496 | |
Source: |
Code function: |
2_2_0350069C | |
Source: |
Code function: |
2_2_035003D0 | |
Source: |
Code function: |
2_2_03500254 | |
Source: |
Code function: |
2_2_035002DF | |
Source: |
Code function: |
2_2_03500542 | |
Source: |
Code function: |
2_2_03500244 | |
Source: |
Code function: |
2_2_03500249 | |
Source: |
Code function: |
2_2_0350024B | |
Source: |
Code function: |
2_2_035002CB | |
Source: |
Code function: |
2_2_0350044C | |
Source: |
Code function: |
2_2_0350034C | |
Source: |
Code function: |
2_2_035002CE | |
Source: |
Code function: |
2_2_035005CF | |
Source: |
Code function: |
2_2_035002F5 | |
Source: |
Code function: |
2_2_03500279 | |
Source: |
Code function: |
2_2_035002EB | |
Source: |
Code function: |
2_2_035003EC | |
Source: |
Code function: |
2_2_0350026D | |
Source: |
Code function: |
2_2_03500391 | |
Source: |
Code function: |
2_2_03500292 | |
Source: |
Code function: |
2_2_03500413 | |
Source: |
Code function: |
2_2_0350031A | |
Source: |
Code function: |
2_2_0350031F | |
Source: |
Code function: |
2_2_03500289 | |
Source: |
Code function: |
2_2_0350058F | |
Source: |
Code function: |
2_2_0350028F | |
Source: |
Code function: |
2_2_035003B7 | |
Source: |
Code function: |
2_2_035006BC | |
Source: |
Code function: |
2_2_0350033F | |
Source: |
Code function: |
2_2_03500224 | |
Source: |
Code function: |
2_2_035002A4 | |
Source: |
Code function: |
2_2_035005AB |
Networking |
---|
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Domain query: |
|||
Source: |
Domain query: |
|||
Source: |
Network Connect: |
Jump to behavior |
Source: |
URLs: |
Source: |
TCP traffic: |
Source: |
HTTP traffic detected: |