Overview

overview

10

Static

static

atikmdag-p...fx.exe

windows7_x64

10

atikmdag-p...fx.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    atikmdag-patcher 1.4.7.sfx.exe

  • Size

    5.5MB

  • Sample

    210118-8kr4p26j3s

  • MD5

    1d8a78003b98c9af50cc28803971e576

  • SHA1

    de0d305c12f60191beabbd5e875ac410dac8cde1

  • SHA256

    458a03ecc28d7f704b5059263cfcad7cb94e51d5f5f2e0ad85e4e5b25da1e253

  • SHA512

    cc598aeafc671635f558db58fa551ed219c235147e6e65f2278a922003092f322f696e6f5ad6e8e0bf02cdd7b437fbdfd0dad79eea1a7ed3da4bb51982188acc

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

5.45.87.29:8000

Targets

    • Target

      atikmdag-patcher 1.4.7.sfx.exe

    • Size

      5.5MB

    • MD5

      1d8a78003b98c9af50cc28803971e576

    • SHA1

      de0d305c12f60191beabbd5e875ac410dac8cde1

    • SHA256

      458a03ecc28d7f704b5059263cfcad7cb94e51d5f5f2e0ad85e4e5b25da1e253

    • SHA512

      cc598aeafc671635f558db58fa551ed219c235147e6e65f2278a922003092f322f696e6f5ad6e8e0bf02cdd7b437fbdfd0dad79eea1a7ed3da4bb51982188acc

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks