AS006-20211201.pdf.exe

General

Target: AS006-20211201.pdf.exe
Size: 843KB
Sample: 210113-hvt7sz98w6
Score: 10/10
MD5: 5b58aebe0dd52b528d61475c704dd359
SHA1: 2297d93e6223f8b03bccdb273ed0039ba8a77bd3
SHA256: 43161c0778fd7277ad2d18d914e616e1ada7458ed92dff0d874fe5dd964c1975
SHA512: 04e8595ea0b07861d9cbbe76ef67ea4199683a5cee080b7ecf11fcab485468bcf96280e21365a163aa105fc6e09c8ca23e0a06bf95e9d0fb1a422917e39acb21

Malware Config

Extracted

Family: remcos
C2: 91.193.75.185:1989

Targets

Target: AS006-20211201.pdf.exe
MD5: 5b58aebe0dd52b528d61475c704dd359
Filesize: 843KB
Score: 10/10
SHA1: 2297d93e6223f8b03bccdb273ed0039ba8a77bd3
SHA256: 43161c0778fd7277ad2d18d914e616e1ada7458ed92dff0d874fe5dd964c1975
SHA512: 04e8595ea0b07861d9cbbe76ef67ea4199683a5cee080b7ecf11fcab485468bcf96280e21365a163aa105fc6e09c8ca23e0a06bf95e9d0fb1a422917e39acb21

Signatures

  • Remcos
    Description: Remcos is a closed-source remote control and surveillance software.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  static1
  behavioral1: 10/10
  behavioral2: 10/10