Overview

overview

10

Static

static

0908870000...00.exe

windows7_x64

10

0908870000...00.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    090887000008000000.exe

  • Size

    573KB

  • Sample

    210111-5xt2kwr3d6

  • MD5

    e9cf73a3acf2068657359b902c67deef

  • SHA1

    1607d9d4b7f869eb25a3b1e7fcf9359d72718e22

  • SHA256

    5245ed24d76b45f0d9de8c7ce2a7665ded270b8ba7d6b29191e8592630c19b97

  • SHA512

    e49151a25b9876dad31cfd7663934377c6bb989b066ec239bdfd6eda3486e8b9da5bb1f3f4a8315d969d577af31532bb072339e4cec7bb60b3dca38b08e50467

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

45.137.22.52:8780

Targets

    • Target

      090887000008000000.exe

    • Size

      573KB

    • MD5

      e9cf73a3acf2068657359b902c67deef

    • SHA1

      1607d9d4b7f869eb25a3b1e7fcf9359d72718e22

    • SHA256

      5245ed24d76b45f0d9de8c7ce2a7665ded270b8ba7d6b29191e8592630c19b97

    • SHA512

      e49151a25b9876dad31cfd7663934377c6bb989b066ec239bdfd6eda3486e8b9da5bb1f3f4a8315d969d577af31532bb072339e4cec7bb60b3dca38b08e50467

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks