General
Target
INVOICE-PDF- SCAN COPY.exe
Size
1.5MB
Sample
210118-wm3zkw65tx
MD5
e6a1db28e3fa9241f8a37fc24a6bd0e7
SHA1
7c3c1c035d5022f035928fba257af94fe4ad81c6
SHA256
ce97e49dca586f267017b8d8778e65e58ca39162d738f696704ce287ad502d9b
SHA512
b3faf1f325fa73d685ce8a44f48d886198c2a07c12aa11c77d017c5f078fa8806f7fd944777dc5a017cdddda356b32c62a2d5a9c7d2df03d6d17c8a55bc03c01
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE-PDF- SCAN COPY.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
INVOICE-PDF- SCAN COPY.exe
Resource
win10v20201028
Malware Config
Extracted
remcos
eileenwmsscm.duckdns.org:2558
Targets
Target
INVOICE-PDF- SCAN COPY.exe
Score
10/10
Executes dropped EXE
Drops startup file
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext