Overview

overview

10

Static

static

RFQ TK011521.exe

windows7_x64

10

RFQ TK011521.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ TK011521.exe

  • Size

    773KB

  • Sample

    210115-yrbbsvwhea

  • MD5

    1b82291a598a2e1a2b6c6db774ddb5ea

  • SHA1

    a4fa0d9d5a3ec8041d84eb4ca541e3e49833bc8c

  • SHA256

    4cd823b02efc3aaf62baa4f4e9c252ae487d969c887fe2a72291ad2e69359cac

  • SHA512

    6488bfca54881950ab06185e1aea997b6ed4a0c93e841dbe4e14e364b1f23d0deb68b5e4a71394fc63fe54c94a5792eae4d4d6a42a9adaf9f728f112e66cd470

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

jackpiaau.duckdns.org:4902

ihechi.ddns.net:4902

Targets

    • Target

      RFQ TK011521.exe

    • Size

      773KB

    • MD5

      1b82291a598a2e1a2b6c6db774ddb5ea

    • SHA1

      a4fa0d9d5a3ec8041d84eb4ca541e3e49833bc8c

    • SHA256

      4cd823b02efc3aaf62baa4f4e9c252ae487d969c887fe2a72291ad2e69359cac

    • SHA512

      6488bfca54881950ab06185e1aea997b6ed4a0c93e841dbe4e14e364b1f23d0deb68b5e4a71394fc63fe54c94a5792eae4d4d6a42a9adaf9f728f112e66cd470

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks