Overview

overview

10

Static

static

libcrypto-1_1.sfx.exe

windows7_x64

8

libcrypto-1_1.sfx.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    libcrypto-1_1.sfx.exe

  • Size

    1.4MB

  • Sample

    210114-atfvz88nj2

  • MD5

    c73b9d798dc08c4df18123d625233978

  • SHA1

    ad7085e07536ca69857691a5cdc0ace7a52591f3

  • SHA256

    210aba7001d319d2c2c365aa0362fb1c2c7a9b5f208b9a189d6571e4a5c149bf

  • SHA512

    0aeb23969062c34cd4d243756f78c7d0f4afc6b481c990ee3000714f44c74eb3a8d6cd378d35574f42318671763eed23580324baf3af5f8f236cd220294cac4a

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

51.222.10.175:5861

Targets

    • Target

      libcrypto-1_1.sfx.exe

    • Size

      1.4MB

    • MD5

      c73b9d798dc08c4df18123d625233978

    • SHA1

      ad7085e07536ca69857691a5cdc0ace7a52591f3

    • SHA256

      210aba7001d319d2c2c365aa0362fb1c2c7a9b5f208b9a189d6571e4a5c149bf

    • SHA512

      0aeb23969062c34cd4d243756f78c7d0f4afc6b481c990ee3000714f44c74eb3a8d6cd378d35574f42318671763eed23580324baf3af5f8f236cd220294cac4a

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks