Overview

overview

10

Static

static

zatiwinflash.exe

windows7_x64

10

zatiwinflash.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zatiwinflash.exe

  • Size

    3.9MB

  • Sample

    210111-z14zm21ews

  • MD5

    b482a15e02f50b37e00a2c4fccaac7f9

  • SHA1

    b9874893328b43970e09c9d42319d0c3f044f448

  • SHA256

    58c24970b7e3fd8a86585547df9a939b5cf6d5326b798400c804d9f55ddb3b10

  • SHA512

    2f7aa997016b6013a41e9d658265fd988ef0e36228bd773414788cafd61d531a30fc060434b5689dd23bd62d00a44642f76434c314dc9b1f6cdf980cc6904512

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

94.242.206.175:5883

Targets

    • Target

      zatiwinflash.exe

    • Size

      3.9MB

    • MD5

      b482a15e02f50b37e00a2c4fccaac7f9

    • SHA1

      b9874893328b43970e09c9d42319d0c3f044f448

    • SHA256

      58c24970b7e3fd8a86585547df9a939b5cf6d5326b798400c804d9f55ddb3b10

    • SHA512

      2f7aa997016b6013a41e9d658265fd988ef0e36228bd773414788cafd61d531a30fc060434b5689dd23bd62d00a44642f76434c314dc9b1f6cdf980cc6904512

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks