Overview

overview

10

Static

static

2CBPOfVTs5QeG8Z.exe

windows7_x64

10

2CBPOfVTs5QeG8Z.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2CBPOfVTs5QeG8Z.exe

  • Size

    725KB

  • Sample

    210113-s7cagy9ka2

  • MD5

    7b709e3928fa5d957244a6620d546a7e

  • SHA1

    fd6f4702fe9bcdcfc9555f50b2917ff6ca00ba12

  • SHA256

    4e9dc740909974e7e5c1f5618bfba6192ada1ab988173685a50280bb4d232a5f

  • SHA512

    4ecfad7f2221a1d37997aa40fc45bfb88a2630021cc3506b1c641a18913fb5944508f31f80f6b0d297031e3349d6a5034bb72c2a5ece181ce841576326faf970

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

185.244.26.208:29100

Targets

    • Target

      2CBPOfVTs5QeG8Z.exe

    • Size

      725KB

    • MD5

      7b709e3928fa5d957244a6620d546a7e

    • SHA1

      fd6f4702fe9bcdcfc9555f50b2917ff6ca00ba12

    • SHA256

      4e9dc740909974e7e5c1f5618bfba6192ada1ab988173685a50280bb4d232a5f

    • SHA512

      4ecfad7f2221a1d37997aa40fc45bfb88a2630021cc3506b1c641a18913fb5944508f31f80f6b0d297031e3349d6a5034bb72c2a5ece181ce841576326faf970

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks