General

  • Target

    SRBPolarisV3.5.exe

  • Size

    4.3MB

  • Sample

    210101-nzvdfp5r4n

  • MD5

    6513a43b7fa6d6a0536fb2fe26105dbf

  • SHA1

    3198b72457449f357401eafd8e944deae616fdaf

  • SHA256

    4c25202298f76f1598a1e169ca435b80541e1db59c542f55e1eb8e3cbf76a419

  • SHA512

    837c06f346cf5eb90c10f282c832e482b87855c7665fc0ba0eebb3837b5d3bd47d92e614d66517fb6f9d794b4a930b2b515d3d5140b2f43a47ad038da0ec0129

Score
10/10

Malware Config

Extracted

Family

remcos

C2

5.61.56.10:9003

Targets

    • Target

      SRBPolarisV3.5.exe

    • Remcos

      Remcos is closed-source remote control and surveillance software; it is sold commercially and widely abused as a remote access trojan.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: NtSetInformationThread with the ThreadHideFromDebugger information class hides the calling thread from an attached debugger)
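As an added example (not part of the sandbox report), the following Python script turns the report's extracted configuration and signatures into a triage check: it hashes a file with all four algorithms listed above and compares the digests against the report's hashes, and it scans connection-log lines for the extracted Remcos C2 endpoint, the kind of request behind the "blocklisted process makes network request" signature. The connection-log format and the log lines are constructed for the example; only the hashes and the C2 address come from the report.

```python
import hashlib
import re

# IOCs copied from the report: hashes of SRBPolarisV3.5.exe and the extracted Remcos C2.
IOC_HASHES = {
    "md5": "6513a43b7fa6d6a0536fb2fe26105dbf",
    "sha1": "3198b72457449f357401eafd8e944deae616fdaf",
    "sha256": "4c25202298f76f1598a1e169ca435b80541e1db59c542f55e1eb8e3cbf76a419",
    "sha512": "837c06f346cf5eb90c10f282c832e482b87855c7665fc0ba0eebb3837b5d3bd47d92e614d66517fb6f9d794b4a930b2b515d3d5140b2f43a47ad038da0ec0129",
}
IOC_C2 = "5.61.56.10:9003"


def _digest(chunks) -> dict:
    """Feed every chunk to all four hash objects in a single pass over the data."""
    hashes = {name: hashlib.new(name) for name in IOC_HASHES}
    for block in chunks:
        for h in hashes.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashes.items()}


def hash_bytes(data: bytes) -> dict:
    return _digest([data])


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    # Stream the file so a multi-megabyte sample is not loaded into memory at once.
    with open(path, "rb") as f:
        return _digest(iter(lambda: f.read(chunk), b""))


def matching_hashes(digests: dict) -> list:
    """Return the algorithms whose digest equals the report's IOC (case-insensitive)."""
    return sorted(alg for alg, val in digests.items()
                  if IOC_HASHES.get(alg) == val.lower())


def parse_c2(c2: str) -> tuple:
    """Split the extracted 'host:port' string into (host, port)."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


C2_HOST, C2_PORT = parse_c2(IOC_C2)

# Match the C2 host and port as whole tokens: 5.61.56.100 or port 90031 must not match.
C2_PATTERN = re.compile(
    r"(?<![\d.])" + re.escape(C2_HOST) + r"(?![\d.])[:\s,]+" + str(C2_PORT) + r"(?!\d)"
)


def find_c2_connections(lines) -> list:
    """Return (line_number, line) for every log line that contacts the Remcos C2."""
    return [(n, line) for n, line in enumerate(lines, 1) if C2_PATTERN.search(line)]


# Constructed connection-log lines (hypothetical format: "ts process proto src -> dst flags").
SAMPLE_LOG = [
    "2021-01-01T10:00:01 SRBPolarisV3.5.exe tcp 10.0.0.5:51022 -> 5.61.56.10:9003 SYN",
    "2021-01-01T10:00:02 chrome.exe tcp 10.0.0.5:51023 -> 142.250.74.46:443 SYN",
    "2021-01-01T10:00:03 SRBPolarisV3.5.exe tcp 10.0.0.5:51024 -> 5.61.56.100:9003 SYN",
    "2021-01-01T10:00:04 svchost.exe tcp 10.0.0.5:51025 -> 5.61.56.10:90031 SYN",
]


def check_file(path: str) -> dict:
    digests = hash_file(path)
    return {"digests": digests, "ioc_match": matching_hashes(digests)}


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        result = check_file(path)
        verdict = "MATCHES report sample" if result["ioc_match"] else "no hash match"
        print(f"{path}: {verdict} ({', '.join(result['ioc_match']) or '-'})")
    for n, line in find_c2_connections(SAMPLE_LOG):
        print(f"C2 contact on constructed log line {n}: {line}")
```

Run it with one or more file paths to compare them against the report's hashes; with no arguments it only scans the constructed log lines, of which only the first should be flagged.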
