General
-
Target
PO-scandocumentsfile00108392.exe
-
Size
851KB
-
Sample
210115-lwteqraxrs
-
MD5
ed01719e79f8008d4ede16e7edff753a
-
SHA1
9929ccd810f335d2d2b84e7ba519940bb9f58fe8
-
SHA256
a7ada9eefa9c775d0215af6bc497e305f8067290f5e9642e582c6d4c3ec65756
-
SHA512
188adc96dbef43ddc4f110958bf68920288a0b9759317a473e78e146bd302ace63de73da93ec9e644e3526ed9d69472a47ac178e6e3d84ea93ccf21a5a3fab90
Malware Config
Extracted
remcos
www.maneediem.com:2404
Targets
-
-
Target
PO-scandocumentsfile00108392.exe
-
Size
851KB
-
MD5
ed01719e79f8008d4ede16e7edff753a
-
SHA1
9929ccd810f335d2d2b84e7ba519940bb9f58fe8
-
SHA256
a7ada9eefa9c775d0215af6bc497e305f8067290f5e9642e582c6d4c3ec65756
-
SHA512
188adc96dbef43ddc4f110958bf68920288a0b9759317a473e78e146bd302ace63de73da93ec9e644e3526ed9d69472a47ac178e6e3d84ea93ccf21a5a3fab90
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-