General
Target: SecuriteInfo.com.Backdoor.Remcos.20284
Size: 866KB
Sample: 201215-cwn2cnz46s
MD5: d543a59ba12985acaf4134c3ff427b86
SHA1: 626f4d2877429d63586bc0ccfdf313911b6817c8
SHA256: 45758c4c53cd20b6f598a9cba7185150543d829eee00aaa8dc565cefd59e9909
SHA512: 80bfd4931b4a0e032fd583544cdf4fe36a0791d988b3ccfdcffe826fb1f93dabadf9de7f0a309da5eca1972839420e0c4bac796b9768d740075980459962689e
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Backdoor.Remcos.20284.exe
Resource: win7v20201028
Malware Config
Targets
Target: SecuriteInfo.com.Backdoor.Remcos.20284
Size: 866KB
MD5: d543a59ba12985acaf4134c3ff427b86
SHA1: 626f4d2877429d63586bc0ccfdf313911b6817c8
SHA256: 45758c4c53cd20b6f598a9cba7185150543d829eee00aaa8dc565cefd59e9909
SHA512: 80bfd4931b4a0e032fd583544cdf4fe36a0791d988b3ccfdcffe826fb1f93dabadf9de7f0a309da5eca1972839420e0c4bac796b9768d740075980459962689e
- NetWire RAT payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Modifies Installed Components in the registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext