Overview

overview

10

Static

static

SC30003983763.exe

windows7_x64

10

SC30003983763.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SC30003983763.exe

  • Size

    492KB

  • Sample

    210113-kpaxrw6qlj

  • MD5

    ed0657c7ee885752cc36859ac8c4f7f9

  • SHA1

    9fd613617dd96e689472575dae56c5497dbf3348

  • SHA256

    aea8b826c919840c0757bde7e31b915fda0439bd28b10418479aa17c53f91e12

  • SHA512

    69eae75cd1463ca50fc434843ba3558c014b57394de813f1993b418af349c9769ba23d29dfa7877f615495f525ba242beb8ea0f2faaf0cf4afc35db5dc550827

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

79.134.225.72:32765

Targets

    • Target

      SC30003983763.exe

    • Size

      492KB

    • MD5

      ed0657c7ee885752cc36859ac8c4f7f9

    • SHA1

      9fd613617dd96e689472575dae56c5497dbf3348

    • SHA256

      aea8b826c919840c0757bde7e31b915fda0439bd28b10418479aa17c53f91e12

    • SHA512

      69eae75cd1463ca50fc434843ba3558c014b57394de813f1993b418af349c9769ba23d29dfa7877f615495f525ba242beb8ea0f2faaf0cf4afc35db5dc550827

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks