Overview

overview

10

Static

static

PO-OIOI09000.exe

windows7_x64

10

PO-OIOI09000.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO-OIOI09000.exe

  • Size

    162KB

  • Sample

    210112-zhcyxe9cl6

  • MD5

    79b1df10d2cd8b5a115059a656594d04

  • SHA1

    d42137c82f89036c6d0ed10c5df9bece89e4d8ba

  • SHA256

    5af5665fcaf756eec2ab43c07645c814438102dba39e782a030025635a8fb713

  • SHA512

    3dbb4ec67ae5b99c121f61088acc3336ff6bd1f8f93291db596448817150f9a340b2a6803cd0a12e4e9db4843d0d86318bacece36cb5f8bb5fea84341d9c24fa

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

45.137.22.52:8780

Targets

    • Target

      PO-OIOI09000.exe

    • Size

      162KB

    • MD5

      79b1df10d2cd8b5a115059a656594d04

    • SHA1

      d42137c82f89036c6d0ed10c5df9bece89e4d8ba

    • SHA256

      5af5665fcaf756eec2ab43c07645c814438102dba39e782a030025635a8fb713

    • SHA512

      3dbb4ec67ae5b99c121f61088acc3336ff6bd1f8f93291db596448817150f9a340b2a6803cd0a12e4e9db4843d0d86318bacece36cb5f8bb5fea84341d9c24fa

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks