Overview

overview

10

Static

static

AWB & CI_pdf.scr

windows7_x64

10

AWB & CI_pdf.scr

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AWB & CI_pdf.scr

  • Size

    136KB

  • Sample

    210105-7zn5bn89ae

  • MD5

    b58bb63ee0cc0210601eaec932b0f871

  • SHA1

    86ffe34c6ca638fc94313a9e7b579d74d2c1b0ab

  • SHA256

    dde6436d3e8a969f96e4ccec6904631d562efad960e0e9a6a2a865174750f3d6

  • SHA512

    0f48ae8ad4a30b6132e375662e5b27b304f85fab2edb171035a3958e5cb8bca69100fb84fcf6e309d197de27511285b437ea3a169d5b04b682113801eca7fb84

Score
10/10
remcospersistencerat

Malware Config

Targets

    • Target

      AWB & CI_pdf.scr

    • Size

      136KB

    • MD5

      b58bb63ee0cc0210601eaec932b0f871

    • SHA1

      86ffe34c6ca638fc94313a9e7b579d74d2c1b0ab

    • SHA256

      dde6436d3e8a969f96e4ccec6904631d562efad960e0e9a6a2a865174750f3d6

    • SHA512

      0f48ae8ad4a30b6132e375662e5b27b304f85fab2edb171035a3958e5cb8bca69100fb84fcf6e309d197de27511285b437ea3a169d5b04b682113801eca7fb84

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks