Overview

overview

10

Static

static

New PO.exe

windows7_x64

10

New PO.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New PO.exe

  • Size

    665KB

  • Sample

    210106-rjqfvsqzx2

  • MD5

    5ad9944b195708e20ed9008a6aca905d

  • SHA1

    56a770ba16062100d0cb2574fe24a042718c9fbc

  • SHA256

    4fe8c8398a6cf30cfd7cbed590de821abdb40aa177781c43c19bdfec75308355

  • SHA512

    a4e92e98029adb6d46a6d225d90284ec2b11c8b3763557a80c3fe8fd629cb0ccfb3f7c0570430127c6c3a3d3146c9ea73321f1ccbf6a664d3af5690c1fd6ae7d

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

194.5.98.32:959

Targets

    • Target

      New PO.exe

    • Size

      665KB

    • MD5

      5ad9944b195708e20ed9008a6aca905d

    • SHA1

      56a770ba16062100d0cb2574fe24a042718c9fbc

    • SHA256

      4fe8c8398a6cf30cfd7cbed590de821abdb40aa177781c43c19bdfec75308355

    • SHA512

      a4e92e98029adb6d46a6d225d90284ec2b11c8b3763557a80c3fe8fd629cb0ccfb3f7c0570430127c6c3a3d3146c9ea73321f1ccbf6a664d3af5690c1fd6ae7d

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks