Overview

overview

10

Static

static

Quote_4589...df.exe

windows7_x64

10

Quote_4589...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quote_45893216_33661100.pdf.exe

  • Size

    757KB

  • Sample

    210113-m99ahyflnj

  • MD5

    cb823c7a092678a45b40f7740d3036c7

  • SHA1

    8c385821e1398d5ba703e94ca8952559f15dd82a

  • SHA256

    19fa9ec02851046fd1d39e19491c507ca4e757ac7fa50d0facf3e73849a7772f

  • SHA512

    28121c092660417be52d61e8d680bde84ce13ce924d890443ff51572d34a83c5b9d2cd69f6b8d5fa87700fbb2d5fd8c4b20e302d970054583384d94f4e7297fc

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

91.193.75.185:1989

Targets

    • Target

      Quote_45893216_33661100.pdf.exe

    • Size

      757KB

    • MD5

      cb823c7a092678a45b40f7740d3036c7

    • SHA1

      8c385821e1398d5ba703e94ca8952559f15dd82a

    • SHA256

      19fa9ec02851046fd1d39e19491c507ca4e757ac7fa50d0facf3e73849a7772f

    • SHA512

      28121c092660417be52d61e8d680bde84ce13ce924d890443ff51572d34a83c5b9d2cd69f6b8d5fa87700fbb2d5fd8c4b20e302d970054583384d94f4e7297fc

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks