General
Target: Shipping Document.exe
Size: 993KB
Sample: 210113-5f3yb8m6gn
MD5: 522b6a9b012ad32cf9a5f8c5bd9503eb
SHA1: b1262d137fa69bd2a1961577cd1deb2d7b748bde
SHA256: 0b69258626ece584131b49ae0aa317153d7b4ae602e7f936be7f462905cd9d8a
SHA512: e148b7bdb43e619282b56d4e3202ac57c65b77812e4f6e7a830d6bb0de6e20d6f6e13f6d10420937e4274297737435ffb800d342b3270fd8069409b83d708c1a
Static task: static1
Behavioral task: behavioral1
Sample: Shipping Document.exe
Resource: win7v20201028
Malware Config
Extracted
remcos
79.134.225.34:20210
Targets
Target: Shipping Document.exe
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext