General

  • Target

    OhGodAnETHlargementPill2.exe

  • Size

    6.1MB

  • Sample

    210105-phgra5bvta

  • MD5

    bc56da0b4522302f1bb8506ad4f35be2

  • SHA1

    aa93d34f9c2018090b5138f7b9ea974bf86aefff

  • SHA256

    f7ae9bdd03e5df038aad0e809dbf31a00ca5e3b6aec3960417e14d5da18fd373

  • SHA512

    ef574f24841c25e6e5ed4483ef8e564115505e94748cfa227a0dd4a1545f7b2599ff6447bea34821b3cf70789b9ae84502588a48c677ad8c60836e887e40cf30

Score
10/10

Malware Config

Extracted

Family

remcos

C2

193.111.198.220:5862

Targets

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Executes dropped EXE

    • Loads dropped DLL

    • JavaScript code in executable
