remcos | 329886b8af71b45a41f94d0d9a69761b6b6fe80d36b7f7a6201fd97dc33234d5 | Triage

Submit
Reports

Overview

overview

Static

static

CONFIRMACI...DF.exe

windows7_x64

CONFIRMACI...DF.exe

windows10_x64

Sharing

General

Target

CONFIRMACION DEL PEDIDO CVE6535,PDF.exe
Size

372KB
Sample

201109-v5x3szm94a
MD5

a962399ee6a55b52ad2432702a800597
SHA1

2ae09b6b627b86bb4a6e2e7b2d33fdc6f8e1579f
SHA256

329886b8af71b45a41f94d0d9a69761b6b6fe80d36b7f7a6201fd97dc33234d5
SHA512

7914d464cbba0de5392a19d9bd986be7246fca19d15cad5303cf81f1a9dd56cbf94729bd5d1f7f2b2b3e0cb545bb689cc6114b8ee08a8c508c4f8d1eeb86b8a6

Score

10^/10

remcos snakebot coreentity rat rezer0 snakebot

Static task

static1

snakebot snakebot

Behavioral task

behavioral1

Sample

CONFIRMACION DEL PEDIDO CVE6535,PDF.exe

Resource

win7v20201028

remcos coreentity rat rezer0

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

CONFIRMACION DEL PEDIDO CVE6535,PDF.exe

Resource

win10v20201028

remcos coreentity rat rezer0

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

thankyoulord.ddns.net:5050

Targets

- Target
  
  CONFIRMACION DEL PEDIDO CVE6535,PDF.exe
- Size
  
  372KB
- MD5
  
  a962399ee6a55b52ad2432702a800597
- SHA1
  
  2ae09b6b627b86bb4a6e2e7b2d33fdc6f8e1579f
- SHA256
  
  329886b8af71b45a41f94d0d9a69761b6b6fe80d36b7f7a6201fd97dc33234d5
- SHA512
  
  7914d464cbba0de5392a19d9bd986be7246fca19d15cad5303cf81f1a9dd56cbf94729bd5d1f7f2b2b3e0cb545bb689cc6114b8ee08a8c508c4f8d1eeb86b8a6
Score

10^/10

remcos coreentity rat rezer0
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- rezer0
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

snakebotsnakebot

behavioral1

remcoscoreentityratrezer0

behavioral2

remcoscoreentityratrezer0

© 2018-2024

Terms | Privacy