Overview

overview

10

Static

static

HSBC1A1B29...DF.exe

windows7_x64

10

HSBC1A1B29...DF.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HSBC1A1B2988TT0180120_PDF.exe

  • Size

    332KB

  • Sample

    210118-bygcct28ja

  • MD5

    ef6a60d48453d28ae1edf388b0c48354

  • SHA1

    b3009ecdba328e1c87fc62f97dbb8896b6e8d966

  • SHA256

    bf0e82358921791e16998b942e600a500a967f6e5c5b034a675af7e49663a34f

  • SHA512

    32e952f00d1baab17be94db8df11f78457b39ff6d1f0f90b024836e4fe24d8a6e49124bea2e7726e1bc9c02c47c08c128e42150ce10a09707ad03c4f7c635542

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

jackpiaau.duckdns.org:4902

ihechi.ddns.net:4902

Targets

    • Target

      HSBC1A1B2988TT0180120_PDF.exe

    • Size

      332KB

    • MD5

      ef6a60d48453d28ae1edf388b0c48354

    • SHA1

      b3009ecdba328e1c87fc62f97dbb8896b6e8d966

    • SHA256

      bf0e82358921791e16998b942e600a500a967f6e5c5b034a675af7e49663a34f

    • SHA512

      32e952f00d1baab17be94db8df11f78457b39ff6d1f0f90b024836e4fe24d8a6e49124bea2e7726e1bc9c02c47c08c128e42150ce10a09707ad03c4f7c635542

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks