General

  • Target

    09--0998899.exe

  • Size

    468KB

  • Sample

    210114-azzx9ak7t2

  • MD5

    5c8fcc8693998cabc942af298bb96ce6

  • SHA1

    4b23d7c6fb0485ccdc6de237072b71f74ab893b9

  • SHA256

    5a9d6f65582f501b13882b7114eb420be506bbf8695a890e1573d3a20b8d0b7c

  • SHA512

    d7384355691aa2c806ed1b660022f13a92f44c41cc6812f49cd28f79811b5b56ba98410de8a433b094520a34912c0e56401b2cee969663b833b93bd2602013a3

Score
10/10

Malware Config

Extracted

Family

remcos

C2

72.11.157.241:4445

Targets

    • Target

      09--0998899.exe

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic                 Technique        Count   ID
    Execution              Scheduled Task   1       T1053
    Persistence            Scheduled Task   1       T1053
    Privilege Escalation   Scheduled Task   1       T1053

Tasks