Overview

overview

10

Static

static

09--0998899.exe

windows7_x64

10

09--0998899.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    09--0998899.exe

  • Size

    468KB

  • Sample

    210114-azzx9ak7t2

  • MD5

    5c8fcc8693998cabc942af298bb96ce6

  • SHA1

    4b23d7c6fb0485ccdc6de237072b71f74ab893b9

  • SHA256

    5a9d6f65582f501b13882b7114eb420be506bbf8695a890e1573d3a20b8d0b7c

  • SHA512

    d7384355691aa2c806ed1b660022f13a92f44c41cc6812f49cd28f79811b5b56ba98410de8a433b094520a34912c0e56401b2cee969663b833b93bd2602013a3

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

72.11.157.241:4445

Targets

    • Target

      09--0998899.exe

    • Size

      468KB

    • MD5

      5c8fcc8693998cabc942af298bb96ce6

    • SHA1

      4b23d7c6fb0485ccdc6de237072b71f74ab893b9

    • SHA256

      5a9d6f65582f501b13882b7114eb420be506bbf8695a890e1573d3a20b8d0b7c

    • SHA512

      d7384355691aa2c806ed1b660022f13a92f44c41cc6812f49cd28f79811b5b56ba98410de8a433b094520a34912c0e56401b2cee969663b833b93bd2602013a3

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks