Overview

overview

10

Static

static

TASK RFQ TK011421.exe

windows7_x64

10

TASK RFQ TK011421.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TASK RFQ TK011421.exe

  • Size

    1.1MB

  • Sample

    210114-g3zfcqxw2a

  • MD5

    77bbd1804b806928cedfedac403e6bde

  • SHA1

    2e034daa0929154667399674bfe48cbc5a724b40

  • SHA256

    5199dc12c469b0f3ea916ec486beb1ce45714b490186624df71a42a2b26abb7d

  • SHA512

    4e0fd0b3a5ac6cae895dcd742b05d6ec6b4f86b4cf52df9d6801a8609b19384984742a92c3b13667cee5d67ac020864c77d530a791913088d42c2636d7e0c17f

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

jackpiaau.duckdns.org:4902

ihechi.ddns.net:4902

Targets

    • Target

      TASK RFQ TK011421.exe

    • Size

      1.1MB

    • MD5

      77bbd1804b806928cedfedac403e6bde

    • SHA1

      2e034daa0929154667399674bfe48cbc5a724b40

    • SHA256

      5199dc12c469b0f3ea916ec486beb1ce45714b490186624df71a42a2b26abb7d

    • SHA512

      4e0fd0b3a5ac6cae895dcd742b05d6ec6b4f86b4cf52df9d6801a8609b19384984742a92c3b13667cee5d67ac020864c77d530a791913088d42c2636d7e0c17f

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks