General

  • Target: godflex-r2.exe
  • Size: 2.1MB
  • Sample: 210101-qkmj5qr8t6
  • MD5: bc9d8bf64ab149a01edd9bfe3cc8dad9
  • SHA1: abb61ea183d5d9e5a2a0f81aeda36abb6adf1aa0
  • SHA256: 6624ce134dd16a37d6615483002f24b74c74c55b45259bc5408b7ae804d0fe22
  • SHA512: 72330be2414f04a7557caea52739f9e2721b22a73b9416b441875a42f46e531dd51213fd3259e0c862b82035ba68694651ebffe2547370866896fa52ca1df729

Score: 10/10

Malware Config

Extracted

  • Family: remcos
  • C2: 193.111.198.220:5861

Targets

    Score: 10/10

    • Remcos: Remcos is closed-source remote control and surveillance software.
    • Blocklisted process makes network request
    • Executes dropped EXE
    • Loads dropped DLL
    • JavaScript code in executable

MITRE ATT&CK Matrix

Tasks