General

  • Target

    Loading-Documents,pdf.exe

  • Size

    423KB

  • Sample

    200707-vvb7rxn1mn

  • MD5

    4df66339be6f263c7c6e398cc65de65e

  • SHA1

    6810fbf18ada8cdbc5d228c0db2bc01ca029fddf

  • SHA256

    18f32daab9bac5909cf9fe9bfaba3183104ae5ec60bdafc8091214887e966195

  • SHA512

    b0be3f88d7cde12e9fdb7f451f30b8b996c7eae12ad29bd8c313312af38c2b5d7f765da0af55d0554f04ff44f769a4cb8453b8f02e6c2e30914528f1fc609de8

Score
10/10

Malware Config

Extracted

Family

remcos

C2

jamesanderson68986.ddns.net:1965

Targets

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks