Overview

overview

10

Static

static

000009000000900.exe

windows7_x64

10

000009000000900.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    000009000000900.exe

  • Size

    443KB

  • Sample

    210113-n5swvq2cke

  • MD5

    881a02cd53c6403a7e543185b29a42f5

  • SHA1

    c6cb7c4594be2c4578b359e4b1edfe98c131d856

  • SHA256

    9a923858b6e0434e961118c2e0b6fc62bfddf64e1fc69b1b8acaa323d27c1d5e

  • SHA512

    3180af12faa6ac2d137fee19eeaf8856bb48fb4bd4a95ead82aee77f82f2797236314864c18bee894ea28726ff6a6167109afe3a8aa627af523d6ce67accfbf9

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

45.137.22.52:8780

Targets

    • Target

      000009000000900.exe

    • Size

      443KB

    • MD5

      881a02cd53c6403a7e543185b29a42f5

    • SHA1

      c6cb7c4594be2c4578b359e4b1edfe98c131d856

    • SHA256

      9a923858b6e0434e961118c2e0b6fc62bfddf64e1fc69b1b8acaa323d27c1d5e

    • SHA512

      3180af12faa6ac2d137fee19eeaf8856bb48fb4bd4a95ead82aee77f82f2797236314864c18bee894ea28726ff6a6167109afe3a8aa627af523d6ce67accfbf9

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks