Overview

overview

10

Static

static

December SOA.exe

windows7_x64

10

December SOA.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    December SOA.exe

  • Size

    942KB

  • Sample

    210112-h3e6x2h7kn

  • MD5

    196f910a3335186350701c40afd852b7

  • SHA1

    41461908d87d6ce39eebba80aea20bcd2fbfd8c0

  • SHA256

    ed8b7563a60bab9c7a5e4b7a79bb01fa744000fdc3a3bfab837418190d22752e

  • SHA512

    3a058f8d08e3a3d5da211eb8c05d92eb259a424100df11974156f9e90a2d9c662c23bddee2c9ff7c81bc2d860a9fc98c52e35d1b2087601379d7e1680b79b483

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

194.5.97.66:1840

Targets

    • Target

      December SOA.exe

    • Size

      942KB

    • MD5

      196f910a3335186350701c40afd852b7

    • SHA1

      41461908d87d6ce39eebba80aea20bcd2fbfd8c0

    • SHA256

      ed8b7563a60bab9c7a5e4b7a79bb01fa744000fdc3a3bfab837418190d22752e

    • SHA512

      3a058f8d08e3a3d5da211eb8c05d92eb259a424100df11974156f9e90a2d9c662c23bddee2c9ff7c81bc2d860a9fc98c52e35d1b2087601379d7e1680b79b483

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks