General

  • Target

    4d7715c57054b475521b9528f50d5585.exe

  • Size

    1.3MB

  • Sample

    210118-v34apkq7e6

  • MD5

    4d7715c57054b475521b9528f50d5585

  • SHA1

    38a843f92b5d06d522bb06b3b2c158eb45ec5f26

  • SHA256

    f08283e69eef4b48bec25a82962517ead7c998619d431b6b9eb9b227ad520e84

  • SHA512

    011264fdb4ad9009095ff231961d250953b4736fa5b0dd3eb2b2c50d93670d4645bf53ed26bad67aabf548388b9eea330df5fe6616d91b8a42ce9c503ad3bc84

Score
10/10

Malware Config

Extracted

Family

remcos

C2

wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996
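The four digests in the General section and the C2 endpoint above are the only indicators this report gives. The following Python is an added example, not part of the sandbox report or of Remcos: it verifies a file against all four reported digests (so a match on a single colliding MD5 is not enough) and scans log lines for the C2 host and port. The log lines in it are constructed for illustration, and the "same dynamic-DNS parent, same port" heuristic is an assumption about how such operators rotate subdomains, not something the report states.

```python
"""IOC triage helper for the Remcos sample in this report.

Added example, not part of the sandbox report or the Remcos tooling.
The hashes and C2 endpoint are the values printed in the report; the
log lines scanned at the bottom are constructed for illustration.
"""
import hashlib
import re
from pathlib import Path

# Indicators copied from the report.
KNOWN_HASHES = {
    "md5": "4d7715c57054b475521b9528f50d5585",
    "sha1": "38a843f92b5d06d522bb06b3b2c158eb45ec5f26",
    "sha256": "f08283e69eef4b48bec25a82962517ead7c998619d431b6b9eb9b227ad520e84",
    "sha512": "011264fdb4ad9009095ff231961d250953b4736fa5b0dd3eb2b2c50d93670d4645bf53ed26bad67aabf548388b9eea330df5fe6616d91b8a42ce9c503ad3bc84",
}
C2 = "wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996"


def hash_bytes(data: bytes) -> dict:
    """Compute all four digests the report lists, so a file can be matched
    whichever hash type the other side happens to have."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def matches_known_sample(data: bytes) -> bool:
    """True only when every digest agrees with the report; a lone MD5
    match is not treated as identity."""
    digests = hash_bytes(data)
    return all(digests[n] == KNOWN_HASHES[n] for n in KNOWN_HASHES)


def parse_c2(endpoint: str) -> tuple:
    """Split a 'host:port' C2 string into (host, port).  The host is
    lowercased because DNS is case-insensitive and log sources differ."""
    host, _, port = endpoint.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"bad C2 endpoint: {endpoint!r}")
    return host.lower(), int(port)


C2_HOST, C2_PORT = parse_c2(C2)


def find_c2_hits(log_lines) -> list:
    """Return (line_no, reason) for every log line that touches the C2.

    Two independent signals are checked:
      * the C2 hostname appearing anywhere (DNS query, proxy, TLS SNI);
      * a connection to the C2 port on any other host under the same
        dynamic-DNS parent (ydns.eu), an assumed heuristic for the
        operator moving to a new subdomain while keeping the listener port.
    """
    parent = ".".join(C2_HOST.split(".")[-2:])  # 'ydns.eu'
    port_re = re.compile(r"([a-z0-9.-]+\.%s):%d\b" % (re.escape(parent), C2_PORT))
    hits = []
    for n, line in enumerate(log_lines, 1):
        low = line.lower()
        if C2_HOST in low:
            hits.append((n, "known C2 host"))
        elif port_re.search(low):
            hits.append((n, "C2 port on same dyn-DNS parent"))
    return hits


# Constructed log lines (not from the report) to exercise the scan.
SAMPLE_LOG = [
    "2021-01-18 10:02:11 dns query A wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu from 10.0.0.5",
    "2021-01-18 10:02:12 proxy CONNECT updates.example.org:443 from 10.0.0.5",
    "2021-01-18 10:03:40 fw allow tcp 10.0.0.5 -> other-host.ydns.eu:1996",
    "2021-01-18 10:04:02 fw allow tcp 10.0.0.5 -> mail.example.org:1996",
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        blob = Path(sys.argv[1]).read_bytes()
        print("matches report sample:", matches_known_sample(blob))
    for n, why in find_c2_hits(SAMPLE_LOG):
        print(f"line {n}: {why}: {SAMPLE_LOG[n - 1]}")
```

Run it with a file path to check that file against the reported digests; without arguments it only scans the constructed log lines. The port-only heuristic deliberately requires the dynamic-DNS parent as well, because port 1996 on arbitrary hosts would be too noisy to act on.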

Targets

    • Target

      4d7715c57054b475521b9528f50d5585.exe

    • Size

      1.3MB

    • MD5

      4d7715c57054b475521b9528f50d5585

    • SHA1

      38a843f92b5d06d522bb06b3b2c158eb45ec5f26

    • SHA256

      f08283e69eef4b48bec25a82962517ead7c998619d431b6b9eb9b227ad520e84

    • SHA512

      011264fdb4ad9009095ff231961d250953b4736fa5b0dd3eb2b2c50d93670d4645bf53ed26bad67aabf548388b9eea330df5fe6616d91b8a42ce9c503ad3bc84

    Score
    10/10
    • Remcos

Remcos (Remote Control and Surveillance) is a closed-source commercial remote-administration tool that is widely abused as a RAT.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application (registry Run-key persistence, mapped to T1060 below)

    • Suspicious use of NtSetInformationThreadHideFromDebugger (NtSetInformationThread with the ThreadHideFromDebugger class: the thread stops delivering debug events, a common anti-debugging trick)

    • Suspicious use of SetThreadContext (rewriting another thread's register state, typically to redirect execution into injected or hollowed code)
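The Run-key signature is the persistence behaviour the matrix below maps to T1060 and T1112. As an added example (not code from the report or from Remcos), here is a detection for it over Sysmon Event ID 13 (RegistryEvent SetValue) style records; the field names Image, TargetObject and Details are Sysmon's, while the events, user names and file paths are constructed and do not come from the report.

```python
"""Run-key persistence detection over Sysmon-style registry events.

Added example; not from the sandbox report or from Remcos.  Field names
follow Sysmon Event ID 13 (RegistryEvent SetValue): Image, TargetObject,
Details.  The events below are constructed and their file paths are
invented for illustration, not paths the report shows.
"""
import re

# Autostart key paths the "Adds Run key" signature refers to (ATT&CK v6
# T1060).  Matched case-insensitively on the tail of the key path.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunServices|RunServicesOnce)\\[^\\]+$",
    re.IGNORECASE,
)
# Directories a freshly dropped payload usually lives in; a Run value
# pointing here is far more suspicious than one under Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\(Roaming|Local)|Temp|ProgramData|Users\\Public|Downloads)\\",
    re.IGNORECASE,
)


def first_path(details: str) -> str:
    """Extract the executable path from a Run value's command line,
    handling both '"C:\\x\\a.exe" /arg' and 'C:\\x\\a.exe /arg'."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ", 1)[0]


def classify(event: dict):
    """Return a severity for a SetValue event, or None if not a Run value.

    'high'   : Run value whose target lives in a user-writable directory
               (the dropped-EXE plus Run-key pattern the report flags).
    'medium' : any other new Run value; worth a look, often legitimate.
    """
    if event.get("EventType") != "SetValue":
        return None
    if not RUN_KEY_RE.search(event.get("TargetObject", "")):
        return None
    target = first_path(event.get("Details", ""))
    if USER_WRITABLE_RE.search(target):
        return "high"
    return "medium"


def scan(events) -> list:
    """(index, severity, writing Image, autostart target) per flagged event."""
    out = []
    for i, ev in enumerate(events):
        sev = classify(ev)
        if sev:
            out.append((i, sev, ev.get("Image", ""), first_path(ev.get("Details", ""))))
    return out


# Constructed Sysmon-like events (not from the report).  Paths are invented.
SAMPLE_EVENTS = [
    {"EventType": "SetValue", "Image": r"C:\Users\alice\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r'"C:\Users\alice\AppData\Roaming\updater\updater.exe"'},
    {"EventType": "SetValue", "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r'"C:\Program Files\Vendor\tray.exe" /background'},
    {"EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventType": "DeleteValue", "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\old",
     "Details": ""},
]

if __name__ == "__main__":
    for idx, sev, image, target in scan(SAMPLE_EVENTS):
        print(f"[{sev}] event {idx}: {image} set autostart -> {target}")
```

The severity split matters in practice: installers legitimately write Run values under Program Files all day, so alerting on every Run-key write drowns the one that points into AppData or Temp. The Image field is kept in the output so the analyst can see whether the writer itself is the dropped executable.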

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

    Registry Run Keys / Startup Folder (T1060, 1 signature)

Defense Evasion

    Modify Registry (T1112, 1 signature)

Tasks