Overview

overview

10

Static

static

Quiero hac...to.exe

windows7_x64

10

Quiero hac...to.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quiero hacer el pedido de su producto.exe

  • Size

    988KB

  • Sample

    210118-4lj7c55ha2

  • MD5

    15b0f7e4d6d3085d5dc9db5527882358

  • SHA1

    cf5cf6625e42d443c51c64df1232cea1408d4372

  • SHA256

    62b2de7bb2bb84023725e04675fef0090998a2c96ec05fa40113c7f2c52e6562

  • SHA512

    1fafd0420aea8ed9b03992171ec4aeaba6df116ba4761810ad6054fe1de3f475d642dfbf65179a7995464ece3ad4b6c8226df8f7a1fa37188181fb89ab98a84d

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

mikegrace2021.ddns.net:1999

Targets

    • Target

      Quiero hacer el pedido de su producto.exe

    • Size

      988KB

    • MD5

      15b0f7e4d6d3085d5dc9db5527882358

    • SHA1

      cf5cf6625e42d443c51c64df1232cea1408d4372

    • SHA256

      62b2de7bb2bb84023725e04675fef0090998a2c96ec05fa40113c7f2c52e6562

    • SHA512

      1fafd0420aea8ed9b03992171ec4aeaba6df116ba4761810ad6054fe1de3f475d642dfbf65179a7995464ece3ad4b6c8226df8f7a1fa37188181fb89ab98a84d

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks