Overview

overview

10

Static

static

DHL fil.exe

windows7_x64

10

DHL fil.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL fil.exe

  • Size

    1.7MB

  • Sample

    210104-mx8eg5pagn

  • MD5

    0400ac5d652f38d0b60274ceed2e673a

  • SHA1

    9c4ea3cda7382930907a89dc8c6ad22dcecc0e67

  • SHA256

    816f26e5b5de1be644fff419718bc3e1b8410a4a9a9f405d8db814e7758608d9

  • SHA512

    389776faa311fa1b10e9eda5a0f93898109f73e75214fe1007ea6bb03c87bb26f76506a1828b42825f8ed1d8d4ac3969e4836a628514ae05a99753ce0629bc37

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

u875414.nvpn.to:2404

u875414.duckdns.org:2404

u875414.ddns.net:2404

u875414.nsupdate.info:2404

Targets

    • Target

      DHL fil.exe

    • Size

      1.7MB

    • MD5

      0400ac5d652f38d0b60274ceed2e673a

    • SHA1

      9c4ea3cda7382930907a89dc8c6ad22dcecc0e67

    • SHA256

      816f26e5b5de1be644fff419718bc3e1b8410a4a9a9f405d8db814e7758608d9

    • SHA512

      389776faa311fa1b10e9eda5a0f93898109f73e75214fe1007ea6bb03c87bb26f76506a1828b42825f8ed1d8d4ac3969e4836a628514ae05a99753ce0629bc37

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks