Overview

overview

10

Static

static

Dhl Delive...DF.exe

windows7_x64

10

Dhl Delive...DF.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Dhl Delivery Shipping Cargo, PDF.exe

  • Size

    1.1MB

  • Sample

    210118-xjf8wrr7qx

  • MD5

    ba0fba7f60adab31a07ee0b8707164ef

  • SHA1

    9bc0f14230a8439566d69caa5ddd730b946afbc8

  • SHA256

    a9bb3e9f775ca73baaac71ef7e7b4a5d7c467aef99d3b8f34856f16dbb3afe26

  • SHA512

    bb95b5eb16b015759b577d6b15f4fc07eb7171db328db98c56235aaa9e71680d678c1b6149b50f7a1e6ad083e914e2a437cd2cd67fc6f83223021f5361f3afea

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

mikegrace2021.ddns.net:1999

Targets

    • Target

      Dhl Delivery Shipping Cargo, PDF.exe

    • Size

      1.1MB

    • MD5

      ba0fba7f60adab31a07ee0b8707164ef

    • SHA1

      9bc0f14230a8439566d69caa5ddd730b946afbc8

    • SHA256

      a9bb3e9f775ca73baaac71ef7e7b4a5d7c467aef99d3b8f34856f16dbb3afe26

    • SHA512

      bb95b5eb16b015759b577d6b15f4fc07eb7171db328db98c56235aaa9e71680d678c1b6149b50f7a1e6ad083e914e2a437cd2cd67fc6f83223021f5361f3afea

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks