Overview

overview

10

Static

static

000000000900R.exe

windows7_x64

10

000000000900R.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    000000000900R.exe

  • Size

    288KB

  • Sample

    210112-49fp69f5nj

  • MD5

    59212ff2e885a97ae9065e66e14b3098

  • SHA1

    5ffdef8ddb19cc49c8863210ea62b802055073bc

  • SHA256

    0760d3239a1163436238b85852142f3477a87dba6f222737db19d99aa48092a7

  • SHA512

    045f2e23c5879f20bbc15ffb82c32e17d94331c730e28e68f097d9b8d64a729780da580b4e6ac440aded3ee17278f78930f60d8ebb4c696f18e50d125f377e56

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

45.137.22.52:8780

Targets

    • Target

      000000000900R.exe

    • Size

      288KB

    • MD5

      59212ff2e885a97ae9065e66e14b3098

    • SHA1

      5ffdef8ddb19cc49c8863210ea62b802055073bc

    • SHA256

      0760d3239a1163436238b85852142f3477a87dba6f222737db19d99aa48092a7

    • SHA512

      045f2e23c5879f20bbc15ffb82c32e17d94331c730e28e68f097d9b8d64a729780da580b4e6ac440aded3ee17278f78930f60d8ebb4c696f18e50d125f377e56

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks