Overview

overview

10

Static

static

Shipping Document.exe

windows7_x64

10

Shipping Document.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Shipping Document.exe

  • Size

    993KB

  • Sample

    210113-5f3yb8m6gn

  • MD5

    522b6a9b012ad32cf9a5f8c5bd9503eb

  • SHA1

    b1262d137fa69bd2a1961577cd1deb2d7b748bde

  • SHA256

    0b69258626ece584131b49ae0aa317153d7b4ae602e7f936be7f462905cd9d8a

  • SHA512

    e148b7bdb43e619282b56d4e3202ac57c65b77812e4f6e7a830d6bb0de6e20d6f6e13f6d10420937e4274297737435ffb800d342b3270fd8069409b83d708c1a

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

79.134.225.34:20210

Targets

    • Target

      Shipping Document.exe

    • Size

      993KB

    • MD5

      522b6a9b012ad32cf9a5f8c5bd9503eb

    • SHA1

      b1262d137fa69bd2a1961577cd1deb2d7b748bde

    • SHA256

      0b69258626ece584131b49ae0aa317153d7b4ae602e7f936be7f462905cd9d8a

    • SHA512

      e148b7bdb43e619282b56d4e3202ac57c65b77812e4f6e7a830d6bb0de6e20d6f6e13f6d10420937e4274297737435ffb800d342b3270fd8069409b83d708c1a

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks