Overview

overview

10

Static

static

IMG-001GE-...01.exe

windows7_x64

10

IMG-001GE-...01.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMG-001GE-0HUE48E-001012-001.exe

  • Size

    758KB

  • Sample

    210112-yyll1vcsae

  • MD5

    36f8772daaf3d5bef5f0168a8640e81a

  • SHA1

    312435761f6749413ef260713e961fb4c5522cbf

  • SHA256

    e7683a0434d07f35f1be3a9726db68d250aa9b093ed922c2837c08efa719609c

  • SHA512

    23189c22c54459a5a9925f24a4152c34b96a8f1bf764b5d971b3bab4bb9489af757b28e81addedf1f8a5a0c84ef3fabf3d58a7c9d728e0bef68e537f637f317f

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

www.maneediem.com:2404

Targets

    • Target

      IMG-001GE-0HUE48E-001012-001.exe

    • Size

      758KB

    • MD5

      36f8772daaf3d5bef5f0168a8640e81a

    • SHA1

      312435761f6749413ef260713e961fb4c5522cbf

    • SHA256

      e7683a0434d07f35f1be3a9726db68d250aa9b093ed922c2837c08efa719609c

    • SHA512

      23189c22c54459a5a9925f24a4152c34b96a8f1bf764b5d971b3bab4bb9489af757b28e81addedf1f8a5a0c84ef3fabf3d58a7c9d728e0bef68e537f637f317f

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks