Overview

overview

10

Static

static

GST Invoic...33.exe

windows7_x64

10

GST Invoic...33.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GST Invoice - No.SKDC2001006133.exe

  • Size

    1.3MB

  • Sample

    210108-1197a4b5ga

  • MD5

    807d184706be5d985443653bab74c2a7

  • SHA1

    2ffb77203c1fa719e7df160a11fb2462843ed1b5

  • SHA256

    ec61eb67057660a18fa9d4465b12830c2bbded3234a401dd441176db16176803

  • SHA512

    30cdd2733a9a371d8b4a1d2f068f65b3190a29a31c4350e33264fb6263ddd887af95172983866be00eb3b45dbcd6c4b2da319e74aeb49ced7cb2b6e50e41324b

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

212.83.46.26:4023

Targets

    • Target

      GST Invoice - No.SKDC2001006133.exe

    • Size

      1.3MB

    • MD5

      807d184706be5d985443653bab74c2a7

    • SHA1

      2ffb77203c1fa719e7df160a11fb2462843ed1b5

    • SHA256

      ec61eb67057660a18fa9d4465b12830c2bbded3234a401dd441176db16176803

    • SHA512

      30cdd2733a9a371d8b4a1d2f068f65b3190a29a31c4350e33264fb6263ddd887af95172983866be00eb3b45dbcd6c4b2da319e74aeb49ced7cb2b6e50e41324b

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks