Overview

overview

10

Static

static

kart-00900......exe

windows7_x64

10

kart-00900......exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    kart-009000000..pdf...exe

  • Size

    184KB

  • Sample

    210112-bm9ppyfsgn

  • MD5

    f26da8507893edc0a5d1ae94fc0c8b7f

  • SHA1

    840b1e604f2680900d7b1fc5141b2c784612a00c

  • SHA256

    3a11a9e7276e2d3d9fccd3f6e5a5b46ea9e9fb82946ef89a3f5dc8ca9a243b70

  • SHA512

    69ea0415d5a0a46c41f4d57a4f03c7ecdb84fc50b4e1e782ac71b9b1001c451c6ae4068a9fff0dac01c1aea532cae16e8e9d46f4628ba347ee7a69d0d38e3cd8

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

45.137.22.52:8780

Targets

    • Target

      kart-009000000..pdf...exe

    • Size

      184KB

    • MD5

      f26da8507893edc0a5d1ae94fc0c8b7f

    • SHA1

      840b1e604f2680900d7b1fc5141b2c784612a00c

    • SHA256

      3a11a9e7276e2d3d9fccd3f6e5a5b46ea9e9fb82946ef89a3f5dc8ca9a243b70

    • SHA512

      69ea0415d5a0a46c41f4d57a4f03c7ecdb84fc50b4e1e782ac71b9b1001c451c6ae4068a9fff0dac01c1aea532cae16e8e9d46f4628ba347ee7a69d0d38e3cd8

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks