General

  • Target

    HashUpUtility.sfx.exe

  • Size

    5.8MB

  • Sample

    201224-n4wa1zmkxs

  • MD5

    bbb3a49ef87ede0d986947c9a50fcaac

  • SHA1

    c89a832fdcb63f8278c1596b3a258abcb179f6eb

  • SHA256

    61d9f4cbc76b7889d7d17d262b63c0fd2ee40642653063b1eb6ab84397f8c57b

  • SHA512

    f1984dbba8cfa14c664ad99bd48816e7dca81405d7c30a9e2d61b4627b34a6b95797df2715f7b79789e79cc0401bcd8a84a9da12ad7727080322fafd931c108a

Score
10/10

Malware Config

Extracted

Family

remcos

C2

93.158.208.100:27065

Targets

    Score
    10/10

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • JavaScript code in executable

    • Suspicious use of SetThreadContext
