General

  • Target

    1798895e5928e606be2b611b99758a722f936c9cc92c7ecd76446cc7a2533a3e

  • Size

    12.3MB

  • Sample

    201111-gazvswc3we

  • MD5

    bd868158318bdb48e6a445fbe49a3cc0

  • SHA1

    f8d4e93ea520d579264922b5814bf7e110862750

  • SHA256

    1798895e5928e606be2b611b99758a722f936c9cc92c7ecd76446cc7a2533a3e

  • SHA512

    ad2fae35737405ae59aa8d283d131ad0db9022f174bf1f1160f619c0d56224fefe736015b1c82b590e41e014b281f3c818753bee593593261f0c48e28cb0ab17

Score
10/10

Malware Config

Extracted

Family

remcos

C2


Targets

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • rezer0

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (T1053), 1 hit

  • Persistence: Scheduled Task (T1053), 1 hit

  • Privilege Escalation: Scheduled Task (T1053), 1 hit

Tasks