Overview

overview

10

Static

static

Fwd reques...on.exe

windows7_x64

10

Fwd reques...on.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Fwd request for quotation.exe

  • Size

    576KB

  • Sample

    210114-4atq2y11j6

  • MD5

    10a8dcefb614399d981c930727440c45

  • SHA1

    34d59574e7266fab63bb00de7a7877595bf9a607

  • SHA256

    a982ada2d2ac5c1f57a98aeb33fb4cb64cf90f04aabba376c675f5a7a086fd60

  • SHA512

    8d7f3e44f1d2e42fb1e1eadfc63dc99311e7a73839dcf29362745838a867056bcf9752d0f8128289a4d4df9d2b9da444ea081dae37b0f1d14e2f19430a7e70a4

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

194.5.97.90:1234

Targets

    • Target

      Fwd request for quotation.exe

    • Size

      576KB

    • MD5

      10a8dcefb614399d981c930727440c45

    • SHA1

      34d59574e7266fab63bb00de7a7877595bf9a607

    • SHA256

      a982ada2d2ac5c1f57a98aeb33fb4cb64cf90f04aabba376c675f5a7a086fd60

    • SHA512

      8d7f3e44f1d2e42fb1e1eadfc63dc99311e7a73839dcf29362745838a867056bcf9752d0f8128289a4d4df9d2b9da444ea081dae37b0f1d14e2f19430a7e70a4

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks