Overview

overview

10

Static

static

10

3REM-ULTIT...Br.exe

windows7_x64

10

3REM-ULTIT...Br.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3REM-ULTITEC-865hkk-PROTECTIVE-PPErvGiVBzqbBf9Br.exe

  • Size

    466KB

  • Sample

    201109-rk34gp23rj

  • MD5

    26791ff2139c7eef1328963dd38d4bc9

  • SHA1

    9b3beb6c2aa6e621b3d2a9e9c985a66dcd214dfe

  • SHA256

    e9405efd2e392e4732172009d420567b63b2ed3eb1ad51d9a0539eefaf620030

  • SHA512

    deb446977a0dab965406529b2ef1fc1fcc198e4dd3a20fedb8f60419a7d64a181e6ea586ed27eebc4fc69bd757c06f674713d6733a46bd92b83073cfc5138f44

Score
10/10
remcossnakebotratsnakebot

Malware Config

Extracted

Family

remcos

C2

185.165.153.215:6608

Targets

    • Target

      3REM-ULTITEC-865hkk-PROTECTIVE-PPErvGiVBzqbBf9Br.exe

    • Size

      466KB

    • MD5

      26791ff2139c7eef1328963dd38d4bc9

    • SHA1

      9b3beb6c2aa6e621b3d2a9e9c985a66dcd214dfe

    • SHA256

      e9405efd2e392e4732172009d420567b63b2ed3eb1ad51d9a0539eefaf620030

    • SHA512

      deb446977a0dab965406529b2ef1fc1fcc198e4dd3a20fedb8f60419a7d64a181e6ea586ed27eebc4fc69bd757c06f674713d6733a46bd92b83073cfc5138f44

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks