Overview

overview

10

Static

static

PolarisBio...er.exe

windows7_x64

8

PolarisBio...er.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PolarisBiosEditor-master.exe

  • Size

    1.7MB

  • Sample

    210101-6pvafxqc76

  • MD5

    dab64fc2e97031487358ef3553c8ff8a

  • SHA1

    7f8258b6e9a455a4de914c5ee0952821ef036308

  • SHA256

    da58d100900745d6a15113e8b8cb5c2a3252a3c4a063ccc64fd09cc75cfb21ff

  • SHA512

    44e4fb714cf5ac71bb3c5517b039227a1b2c3952948e85c0b2a758b06cc60ba8203e1dcaa6a9fdeabf8c51e3327016fe5a9f7e67845cd5705665a281dccbd66f

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

193.111.198.220:5861

Targets

    • Target

      PolarisBiosEditor-master.exe

    • Size

      1.7MB

    • MD5

      dab64fc2e97031487358ef3553c8ff8a

    • SHA1

      7f8258b6e9a455a4de914c5ee0952821ef036308

    • SHA256

      da58d100900745d6a15113e8b8cb5c2a3252a3c4a063ccc64fd09cc75cfb21ff

    • SHA512

      44e4fb714cf5ac71bb3c5517b039227a1b2c3952948e85c0b2a758b06cc60ba8203e1dcaa6a9fdeabf8c51e3327016fe5a9f7e67845cd5705665a281dccbd66f

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks