Overview

overview

10

Static

static

originalco...df.exe

windows7_x64

1

originalco...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    originalcopy2021_pdf.exe

  • Size

    845KB

  • Sample

    210118-fa29ccatdn

  • MD5

    96038a49c8581a2e6c32b9f87c781c68

  • SHA1

    3a9a2ceceafd02a16c5e76674007973b8d34a71a

  • SHA256

    2a451883bcabf318c2d3acc4b2259716c744a76cda9a68b5798dfc157f94e8cb

  • SHA512

    ce2eaa5f871ab0ce7f72493e9df1c4feccd994bca46fef3b6fdfd7e34531a729e64e725159de905854414eaa739dafce10355abbfd2b3bf3266cedd824e731bc

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

96.9.246.149:2024

Targets

    • Target

      originalcopy2021_pdf.exe

    • Size

      845KB

    • MD5

      96038a49c8581a2e6c32b9f87c781c68

    • SHA1

      3a9a2ceceafd02a16c5e76674007973b8d34a71a

    • SHA256

      2a451883bcabf318c2d3acc4b2259716c744a76cda9a68b5798dfc157f94e8cb

    • SHA512

      ce2eaa5f871ab0ce7f72493e9df1c4feccd994bca46fef3b6fdfd7e34531a729e64e725159de905854414eaa739dafce10355abbfd2b3bf3266cedd824e731bc

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks