General

  • Target

    SLIP.exe

  • Size

    1.6MB

  • Sample

    210118-6acfejz2aa

  • MD5

    cd020bbe91886c44ed61a0b4947e2ed0

  • SHA1

    efdec00969f61b2795de443c843c57c737b12b46

  • SHA256

    963af49abf3f81e9ad4685ded0a27b7e6f6113291abe974cbb675deedbdf7bb6

  • SHA512

    3a1306d72e8200707405d8048f33a6e9157285563bd2999ee859ea8b4e6acbf4927b768ccd85ba62f872be64ceb029f647fc0e9b8592de54042148112c37677a

Score
10/10

Malware Config

Extracted

Family

remcos

C2

nkosarevaocs.duckdns.org:7266
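The digests in the General section and the extracted C2 above are the indicators a responder would actually search for. The following Python is an added example, not part of the sandbox report or of any Remcos tooling: it copies the four hashes and the host:port from the report, hashes a file in one pass so it can be compared against all four at once, and scans log lines for the C2. The resolver and firewall lines, and the address the C2 name resolves to (203.0.113.10), are constructed for the example; a real resolution must be taken from your own DNS logs.

```python
"""Matching the indicators extracted above against files and logs.

Added example; not part of the sandbox report or of any Remcos tooling.
The four digests and the C2 host:port are copied from the report. The log
lines and the IP the C2 name resolves to are constructed for illustration.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "cd020bbe91886c44ed61a0b4947e2ed0",
    "sha1": "efdec00969f61b2795de443c843c57c737b12b46",
    "sha256": "963af49abf3f81e9ad4685ded0a27b7e6f6113291abe974cbb675deedbdf7bb6",
    "sha512": ("3a1306d72e8200707405d8048f33a6e9157285563bd2999ee859ea8b4e6acbf4"
               "927b768ccd85ba62f872be64ceb029f647fc0e9b8592de54042148112c37677a"),
}
C2 = "nkosarevaocs.duckdns.org:7266"

# dnsmasq-style "reply <name> is <ip>" lines, used to learn the C2's address.
REPLY_RE = re.compile(r"\breply\s+(\S+)\s+is\s+(\d{1,3}(?:\.\d{1,3}){3})\b", re.I)
# Any other duckdns.org name: dynamic DNS is common in Remcos configs, so a
# lookup from a workstation is worth triage even when the label differs.
DDNS_RE = re.compile(r"\b[a-z0-9-]+\.duckdns\.org\b", re.I)


def parse_c2(indicator: str = C2) -> Tuple[str, int]:
    """Split 'host:port' into (lowercase host, port), rejecting malformed input."""
    host, sep, port = indicator.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed C2 indicator: {indicator!r}")
    return host.lower(), int(port)


def digests(data: bytes) -> Dict[str, str]:
    """The four digests from the report, computed in one pass over the bytes."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def file_digests(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same, streamed from disk so a large file is never held in memory at once."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_digests(found: Dict[str, str]) -> List[str]:
    """Names of the digests in `found` equal to the reported sample's (any case)."""
    return sorted(n for n, v in found.items() if v.lower() == SAMPLE_HASHES.get(n))


def scan_log_lines(lines: Iterable[str], indicator: str = C2) -> List[Tuple[int, str, str]]:
    """Return (line_no, verdict, line) for lines tied to the C2.

    Pass 1 collects addresses the C2 name resolved to. Pass 2 flags the name
    itself ('c2-name'), connections to a resolved address on the reported port
    ('c2-connection'), and lookups of other duckdns.org names ('ddns-lookup',
    a weaker lead rather than an alert).
    """
    host, port = parse_c2(indicator)
    lines = list(lines)
    host_re = re.compile(r"(?<![\w.-])" + re.escape(host) + r"(?![\w-])", re.I)
    resolved = set()
    for line in lines:
        m = REPLY_RE.search(line)
        if m and m.group(1).lower() == host:
            resolved.add(m.group(2))
    hits = []
    for n, line in enumerate(lines, 1):
        if host_re.search(line):
            verdict = "c2-name"
        elif any(f"{ip}:{port}" in line for ip in resolved):
            verdict = "c2-connection"
        elif DDNS_RE.search(line):
            verdict = "ddns-lookup"
        else:
            continue
        hits.append((n, verdict, line.rstrip()))
    return hits


# Constructed log lines (not from the report): resolver, resolver, firewall, resolver x2.
SAMPLE_LOG = [
    "Jan 18 10:02:11 resolver dnsmasq[412]: query[A] nkosarevaocs.duckdns.org from 10.0.0.25",
    "Jan 18 10:02:11 resolver dnsmasq[412]: reply nkosarevaocs.duckdns.org is 203.0.113.10",
    "Jan 18 10:02:12 fw kernel: ACCEPT TCP 10.0.0.25:49812 -> 203.0.113.10:7266",
    "Jan 18 10:03:40 resolver dnsmasq[412]: query[A] update.example-vendor.com from 10.0.0.25",
    "Jan 18 10:05:03 resolver dnsmasq[412]: query[A] some-other-host.duckdns.org from 10.0.0.31",
]

if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOG):
        print(hit)
```

A firewall line that only shows the port is deliberately not flagged unless a resolver line has tied that address to the C2 name: port 7266 on its own is not an indicator, and dynamic DNS names change address often, so the resolution seen on your network is the one that matters.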

Targets

    • Target

      SLIP.exe

    • Remcos

      Remcos is closed-source remote control and surveillance software, sold commercially and widely abused as a RAT; the extracted configuration above (C2 host and port) is what ties this sample to the family.

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
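Four of the five signatures above are a chain that can be rebuilt from ordinary endpoint telemetry: a file written by the sample is later executed or loaded, and a Run value is pointed at it. The Python below is an added example, not part of the sandbox report or of any Remcos tooling; it replays constructed Sysmon-like events (ID 1 process create, ID 7 image load, ID 11 file create, ID 13 registry value set) and raises each behaviour when it is seen. Every path, PID and SID in the events is hypothetical. "Suspicious use of SetThreadContext" is not covered: that is an API-level observation from the sandbox and does not appear in this kind of event stream.

```python
"""Correlating the report's behaviours over process-tracing events.

Added example; not part of the sandbox report or of any Remcos tooling.
The events are constructed, Sysmon-like records; all paths are hypothetical.
"""
from typing import Any, Dict, List, Tuple

RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
STARTUP_DIR = "\\start menu\\programs\\startup\\"

Event = Dict[str, Any]
Alert = Tuple[str, str, str]   # (rule, image that triggered it, detail)


def correlate(events: List[Event]) -> List[Alert]:
    """Replay events in timestamp order and emit the report's behaviours.

    `dropped` remembers every file written by a traced process, keyed by
    lowercase path, so later events can be checked against it: an EXE
    executed after being written, a DLL loaded after being written, and a
    Run value whose data points at a written file.
    """
    dropped: Dict[str, str] = {}          # lowercase path -> image that wrote it
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        image = str(ev["image"])
        if ev["id"] == 11:                                  # FileCreate
            target = str(ev["target"])
            dropped[target.lower()] = image
            if STARTUP_DIR in target.lower():
                alerts.append(("drops_startup_file", image, target))
        elif ev["id"] == 1:                                 # ProcessCreate
            if image.lower() in dropped:
                alerts.append(("executes_dropped_exe", str(ev["parent_image"]), image))
        elif ev["id"] == 7:                                 # ImageLoad
            loaded = str(ev["image_loaded"])
            if loaded.lower() in dropped:
                alerts.append(("loads_dropped_dll", image, loaded))
        elif ev["id"] == 13:                                # RegistryValueSet
            target, details = str(ev["target"]), str(ev["details"])
            if any(k in target.lower() for k in RUN_KEYS):
                rule = "adds_run_key"
                # Higher confidence when the value points at a file we saw written.
                if details.strip('"').lower() in dropped:
                    rule = "adds_run_key_to_dropped_file"
                alerts.append((rule, image, f"{target} = {details}"))
    return alerts


# Hypothetical paths for the constructed events (not from the report).
SLIP = r"C:\Users\alice\Downloads\SLIP.exe"
DROP = r"C:\Users\alice\AppData\Roaming\svc\dropped.exe"
DLL = r"C:\Users\alice\AppData\Roaming\svc\helper.dll"
LNK = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk"
RUN = r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\svc"

SAMPLE_EVENTS: List[Event] = [
    {"ts": 1, "id": 1, "image": SLIP, "parent_image": r"C:\Windows\explorer.exe"},
    {"ts": 2, "id": 11, "image": SLIP, "target": DROP},
    {"ts": 3, "id": 11, "image": SLIP, "target": DLL},
    {"ts": 4, "id": 1, "image": DROP, "parent_image": SLIP},
    {"ts": 5, "id": 7, "image": DROP, "image_loaded": DLL},
    {"ts": 6, "id": 13, "image": DROP, "target": RUN, "details": f'"{DROP}"'},
    {"ts": 7, "id": 11, "image": DROP, "target": LNK},
    # Benign noise that must not fire: a system DLL load and a document write.
    {"ts": 8, "id": 7, "image": r"C:\Windows\System32\notepad.exe",
     "image_loaded": r"C:\Windows\System32\kernel32.dll"},
    {"ts": 9, "id": 11, "image": r"C:\Program Files\Foo\foo.exe",
     "target": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Each rule on its own is noisy (installers write and run files, and set Run values), which is why the Run-key rule is split into a generic hit and a higher-confidence variant whose value data points at a file the same trace saw being written.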

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

Registry Run Keys / Startup Folder (T1060): 1 matching signature

Defense Evasion

Modify Registry (T1112): 1 matching signature

Note: T1060 is the ATT&CK v6 identifier; from ATT&CK v7 onwards the technique is T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder). T1112 is unchanged in later versions.
