Overview

overview

10

Static

static

c27cad4a8a...90.exe

windows7_x64

10

c27cad4a8a...90.exe

windows10_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c27cad4a8a936c75f677d0a14fd58590.exe

  • Size

    1.2MB

  • Sample

    200707-3rk49eesta

  • MD5

    c27cad4a8a936c75f677d0a14fd58590

  • SHA1

    1f4614b6d5553af0ea857a907885048808cc8e48

  • SHA256

    db4bb50f2327328901cc6fff050acb653a059dc905917dcefedccbd8154c13ce

  • SHA512

    b094e2ca78b25bd9c4eec4f4bf30e767db9d52c9ff6b7f54f3014988ac3d9cc89df86fd1d4dd2eeac1bd75d2fba91df79fb6a7d63ffe405ea1864805ffdd7e13

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

karimgoussd.ug:6969

fgdjhksdfsdxcbv.ru:6969

Targets

    • Target

      c27cad4a8a936c75f677d0a14fd58590.exe

    • Size

      1.2MB

    • MD5

      c27cad4a8a936c75f677d0a14fd58590

    • SHA1

      1f4614b6d5553af0ea857a907885048808cc8e48

    • SHA256

      db4bb50f2327328901cc6fff050acb653a059dc905917dcefedccbd8154c13ce

    • SHA512

      b094e2ca78b25bd9c4eec4f4bf30e767db9d52c9ff6b7f54f3014988ac3d9cc89df86fd1d4dd2eeac1bd75d2fba91df79fb6a7d63ffe405ea1864805ffdd7e13

    Score
    10/10
    ratremcospersistence

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Adds Run entry to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks