Overview

overview

10

Static

static

ALMENIDE G...T .exe

windows7_x64

10

ALMENIDE G...T .exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ALMENIDE GLOBAL SOURCING - PRODUCTS LIST .exe

  • Size

    878KB

  • Sample

    210113-xc9zyyhkr2

  • MD5

    e2c6b846839de667cbb3b05bc0dceb31

  • SHA1

    cbd0bb3f8987d2fdaace1ac6a2b2ceff8a49ce31

  • SHA256

    be65a77b922867eaeb9e0cb417eb3b1497ff25c583bc32dd2025e51a320f2610

  • SHA512

    46a108acaebdf2fda465f9b9dfd44fa3aafdc6f85c27893d3706aa540e42455e770c1364fc3ef8a4cabd67fa3cccd8b9758fd8f45c89aab74eb6b44cbcaa03b2

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

212.83.46.26:4044

Targets

    • Target

      ALMENIDE GLOBAL SOURCING - PRODUCTS LIST .exe

    • Size

      878KB

    • MD5

      e2c6b846839de667cbb3b05bc0dceb31

    • SHA1

      cbd0bb3f8987d2fdaace1ac6a2b2ceff8a49ce31

    • SHA256

      be65a77b922867eaeb9e0cb417eb3b1497ff25c583bc32dd2025e51a320f2610

    • SHA512

      46a108acaebdf2fda465f9b9dfd44fa3aafdc6f85c27893d3706aa540e42455e770c1364fc3ef8a4cabd67fa3cccd8b9758fd8f45c89aab74eb6b44cbcaa03b2

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks