General

  • Target: atiflash_293.sfx.exe
  • Size: 6.5MB
  • Sample: 210112-vdfste1nlx
  • MD5: 6e1b3fc0daa62b5de4bdbc7d694c0e15
  • SHA1: 3c6e62e21f2b58461c4b888f55ee2c1a5712003a
  • SHA256: d1a4049ba690a122863c55c4c7b35e18fdd25225dcb1f5e0a08a7c9f8ddb77be
  • SHA512: 9f9171ed2c22e63c72fd980d6960b0c0876a2f0bc41dc3b8c6a99b679f2947de6fdd73e070bd7bb2de59af5040644e058bdb575c58ac535861b7810d6422aecb

Score: 10/10

Malware Config

Extracted

  • Family: remcos
  • C2: 5.45.87.29:8000

Targets

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Blocklisted process makes network request
    • Executes dropped EXE
    • Loads dropped DLL
    • JavaScript code in executable
