Overview

overview

10

Static

static

PURCHASE O...90.exe

windows7_x64

10

PURCHASE O...90.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PURCHASE ORDER098090.exe

  • Size

    153KB

  • Sample

    210111-gt54gyt9xe

  • MD5

    c5318a4bb156bf5ce9d8bcd2e9f2682b

  • SHA1

    521c507e63ea7237b9c85ac2973a1b53465dabae

  • SHA256

    03ce96851d1e23ce614c9f24d97727c68f0f1156a442ff0eaecff89299dd90e9

  • SHA512

    c43fec4bb7d42c614283ccfc99a57be6da3bf56109bfd54b04b4097f9e9315632a948042fb60d6176bcba804870623d26be203d9a62bedfed705a9d1992240f1

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

45.137.22.52:8780

Targets

    • Target

      PURCHASE ORDER098090.exe

    • Size

      153KB

    • MD5

      c5318a4bb156bf5ce9d8bcd2e9f2682b

    • SHA1

      521c507e63ea7237b9c85ac2973a1b53465dabae

    • SHA256

      03ce96851d1e23ce614c9f24d97727c68f0f1156a442ff0eaecff89299dd90e9

    • SHA512

      c43fec4bb7d42c614283ccfc99a57be6da3bf56109bfd54b04b4097f9e9315632a948042fb60d6176bcba804870623d26be203d9a62bedfed705a9d1992240f1

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks