Overview

overview

10

Static

static

BID_TENDER...20.exe

windows7_x64

10

BID_TENDER...20.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BID_TENDER_DOCUMENTS-#01.08.2020.exe

  • Size

    778KB

  • Sample

    210108-r7v8ka615s

  • MD5

    1df1ba3f5339b6185d2588efb1d35859

  • SHA1

    db75794e44a59da19d4540257e8b4389cd31b87a

  • SHA256

    200c65040041056006600f5a6ed2bbc3281a6e440a12d24a84544d65e157288e

  • SHA512

    0fcbdb5b4c4eb8af7a6c0130226696b73e666fdf8fe40b351201963772d94e9898b7bbbcecac512a4746022bacc2f7fc59083390698d47e34c2beffe7151733b

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

212.83.46.26:4023

Targets

    • Target

      BID_TENDER_DOCUMENTS-#01.08.2020.exe

    • Size

      778KB

    • MD5

      1df1ba3f5339b6185d2588efb1d35859

    • SHA1

      db75794e44a59da19d4540257e8b4389cd31b87a

    • SHA256

      200c65040041056006600f5a6ed2bbc3281a6e440a12d24a84544d65e157288e

    • SHA512

      0fcbdb5b4c4eb8af7a6c0130226696b73e666fdf8fe40b351201963772d94e9898b7bbbcecac512a4746022bacc2f7fc59083390698d47e34c2beffe7151733b

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks