General

  • Target

    Shipping Document PL& BL 00980 ,pdf.exe

  • Size

    1.0MB

  • Sample

    210118-s3qjm9ard2

  • MD5

    0329f09397d5b9f25dcc162d35568d05

  • SHA1

    ca9746f0bc270776ef6eb5ff74faf5d8d123b5f9

  • SHA256

    6f2ec1f1f9374aa47eaa43ff20135e245f6d98b7db8b6d293f1b8b46d3297f13

  • SHA512

    4efc896e871b4e4519dfd56c6f3884dc793f2173d2048ff27c5bd183a5858691887adc0ae8c7451562fdcf2d49ea62e957b3e60f3245d15af6988c290c749a1e

Score
10/10

Malware Config

Extracted

Family

remcos

C2

favour2021.ddns.net:1990

Targets

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution: Scheduled Task, T1053 (1)

  • Persistence: Registry Run Keys / Startup Folder, T1060 (1); Scheduled Task, T1053 (1)

  • Privilege Escalation: Scheduled Task, T1053 (1)

  • Defense Evasion: Modify Registry, T1112 (1)
