daedd0017e4c1d2488d55bd08172c84420577c6c0a1d617d4c1c455870012bc4

General

Target: daedd0017e4c1d2488d55bd08172c84420577c6c0a1d617d4c1c455870012bc4
Size: 15MB
Sample: 201112-lvcvqj3rd2
Score: 10/10
MD5: 59a413614e91e86b933a42e4abdf1d43
SHA1: 2d4ae51600e384dfcc8c054ff8c798055d008f87
SHA256: daedd0017e4c1d2488d55bd08172c84420577c6c0a1d617d4c1c455870012bc4
SHA512: 1e771d3c37f9035f4a813e062c9327bc1a14e34a29aee4bced9613555bb684c581cf121a83f5daa0e4a7e1ac2b430c34b3f190171d4f8a50f4f89bfdb8b6a93c

Malware Config (extracted)

Family: remcos
C2:
  roxy.dynalias.net:3297
  regiskm67.buyshouses.net:3297
  dico.is-a-liberal.com:3297
  neverdiemosole.is-a-doctor.com:3297
  zeusnodie.mypets.ws:3297
  nvdiedicobies.is-a-hard-worker.com:3297
  nvdieroxy.kicks-ass.net:3297
  nvdiedicozeuse.webhop.org:3297

Targets
Signatures

  • Modifies Windows Defender Real-time Protection settings
    TTPs: Modify Registry, Modify Existing Service, Disabling Security Tools
  • Modifies security service
    TTPs: Modify Registry, Modify Existing Service
  • NetWire RAT payload
  • Netwire
    Description: Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.
  • Remcos
    Description: Remcos is a closed-source remote control and surveillance software.
  • Executes dropped EXE
  • Drops startup file
  • Loads dropped DLL
  • Modifies service
    TTPs: Modify Registry, Modify Existing Service
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation