Overview

overview

10

Static

static

Oral-Action.scr

windows7_x64

10

Oral-Action.scr

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Oral-Action.scr

  • Size

    1.7MB

  • Sample

    210106-51ddby827j

  • MD5

    1ba47e918f50f837096de2379c5d5150

  • SHA1

    97e59f85f0bcc0bdd6635ad21d1c43d4dfc28676

  • SHA256

    fd16b4767d7764fde593f6b7d6449ccb233c18270bf45d67edde500c5028dc94

  • SHA512

    f44c243db8e7434bf19216fa473a5d8b0b6202cfeb8b1fa42148c3af8cfb97086ab043a5216c2768a1e6b9b1d705365d0564cedb1399dc1833e0284efed4b270

Score
10/10
remcosevasionpersistencerattrojan

Malware Config

Extracted

Family

remcos

C2

masters4733.sytes.net:8686

Targets

    • Target

      Oral-Action.scr

    • Size

      1.7MB

    • MD5

      1ba47e918f50f837096de2379c5d5150

    • SHA1

      97e59f85f0bcc0bdd6635ad21d1c43d4dfc28676

    • SHA256

      fd16b4767d7764fde593f6b7d6449ccb233c18270bf45d67edde500c5028dc94

    • SHA512

      f44c243db8e7434bf19216fa473a5d8b0b6202cfeb8b1fa42148c3af8cfb97086ab043a5216c2768a1e6b9b1d705365d0564cedb1399dc1833e0284efed4b270

    Score
    10/10
    remcosevasionpersistencerattrojan

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • UAC bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks