Overview

overview

10

Static

static

ir_exe.exe

windows7_x64

1

ir_exe.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ir_exe

  • Size

    657KB

  • Sample

    210116-drlhfr3d1e

  • MD5

    de43b3e46361b3522be35d19af67db4d

  • SHA1

    6009ec1f95be87abf4b379aaa089095c1a148886

  • SHA256

    c55d612d19305f4d4cc486f3129d64fd25bfcb58725b18bfb4c8a9e002c0b651

  • SHA512

    dbcd668d1dd5859bf1abdab9f3d9bb4094f99c66f656c76dadd5906e2b53be3be54087b6b54a91aa9bfad1f003d5196c922cf482dd0824ed69c3b96418ea56cd

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

5.181.166.25:27350

Targets

    • Target

      ir_exe

    • Size

      657KB

    • MD5

      de43b3e46361b3522be35d19af67db4d

    • SHA1

      6009ec1f95be87abf4b379aaa089095c1a148886

    • SHA256

      c55d612d19305f4d4cc486f3129d64fd25bfcb58725b18bfb4c8a9e002c0b651

    • SHA512

      dbcd668d1dd5859bf1abdab9f3d9bb4094f99c66f656c76dadd5906e2b53be3be54087b6b54a91aa9bfad1f003d5196c922cf482dd0824ed69c3b96418ea56cd

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks