Overview

overview

10

Static

static

atikmdag-p....8.exe

windows7_x64

8

atikmdag-p....8.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    atikmdag-patcher_1.4.8.exe

  • Size

    4.2MB

  • Sample

    210106-bjt7vddrj2

  • MD5

    d2e7c1150693130bfd4aa71d482b8cf3

  • SHA1

    75e00f201a7ed6d2d1def492445a4fb7665eac68

  • SHA256

    7c5296a628df511b5a1cee6f32910c80afb607b2bc8412e6741f7feb2d93b0c5

  • SHA512

    36b4262760eb07bb380753b44831c2d78205d70910efa59438fcbda7b69efc9567eb663c505dbdff2694590d2169ba2ad4433ec4a56ecfb047046456de93746b

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

5.61.56.10:9004

Targets

    • Target

      atikmdag-patcher_1.4.8.exe

    • Size

      4.2MB

    • MD5

      d2e7c1150693130bfd4aa71d482b8cf3

    • SHA1

      75e00f201a7ed6d2d1def492445a4fb7665eac68

    • SHA256

      7c5296a628df511b5a1cee6f32910c80afb607b2bc8412e6741f7feb2d93b0c5

    • SHA512

      36b4262760eb07bb380753b44831c2d78205d70910efa59438fcbda7b69efc9567eb663c505dbdff2694590d2169ba2ad4433ec4a56ecfb047046456de93746b

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks