Overview

overview

10

Static

static

NEW PURCHA...df.exe

windows7_x64

10

NEW PURCHA...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEW PURCHASE ORDER SHEET 04576 pdf.exe

  • Size

    948KB

  • Sample

    210114-f51jzbg3lx

  • MD5

    8d85488ae3a9f7d866e2a694eec75c1f

  • SHA1

    9a81c957e4fcc2ea4c0089044154048c91eccd82

  • SHA256

    e8fc6222b30e251e6d11e20eb4b315a1b9a389fc076f31963d6780016075b1b4

  • SHA512

    09d79e5de54e61018a695fac08f950615f6f64704b983a5b929a318b07c56a575fbeee5b19464d21362389f1672bc8c63df088a2da378914e5106cfbe9845a61

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

194.5.97.66:1840

Targets

    • Target

      NEW PURCHASE ORDER SHEET 04576 pdf.exe

    • Size

      948KB

    • MD5

      8d85488ae3a9f7d866e2a694eec75c1f

    • SHA1

      9a81c957e4fcc2ea4c0089044154048c91eccd82

    • SHA256

      e8fc6222b30e251e6d11e20eb4b315a1b9a389fc076f31963d6780016075b1b4

    • SHA512

      09d79e5de54e61018a695fac08f950615f6f64704b983a5b929a318b07c56a575fbeee5b19464d21362389f1672bc8c63df088a2da378914e5106cfbe9845a61

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks