Overview

overview

10

Static

static

atikmdag-p...er.exe

windows7_x64

atikmdag-p...er.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    atikmdag-patcher_1.4.7.zip

  • Size

    5.4MB

  • Sample

    210115-gd1yej4p16

  • MD5

    76d638ab7f56450b12a72a221f3d1c92

  • SHA1

    93a67242f5098eb76ce33c6e6a5db0668e9cf920

  • SHA256

    109b8048c135d43e06ca9014242bc8594575b9ba3da2c97ade9ff9bbd37cc7f0

  • SHA512

    e41b803960ff5c9f30295d4c341cf22653b6740f98157618dbd1081b8559dac7ac5f9ddd61f21c33f66c26d1f29f009b63cdea3cb9917a4868d390ed9bfd6d37

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

5.45.87.29:8000

Targets

    • Target

      atikmdag-patcher_1.4.7/atikmdag-patcher.exe

    • Size

      2.9MB

    • MD5

      c38133ac0fdf5c4265c0a144bf8e27b9

    • SHA1

      f16f40c915c7a44b144d877108a54bb6f9891704

    • SHA256

      f5fd48cb502aac5d090612e1a9d22e62e3788ae4d475206e1b6a0df84a309e1b

    • SHA512

      c6f32cbad10790749cb711e427132ed55c7617fb3ab44bcc09decdc1342b759ddd3cc874ac8fa861711fafc969175e58475e42d987500f04fa9f9723122a4004

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks