Overview

overview

10

Static

static

PURCHASE O...df.exe

windows7_x64

10

PURCHASE O...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PURCHASE OREDER. PRINT. pdf.exe

  • Size

    1.1MB

  • Sample

    210119-61et7385jj

  • MD5

    fe9d2688823fab4c83ab24ca3567d650

  • SHA1

    e0d949307cb7b025d48ff3998248106c1dcd91b2

  • SHA256

    1b494eddfba240b20f7db04845dd82ccf5dcb3f637c03d7853343be8f7d674ab

  • SHA512

    132e35a11162ea1b7d7ff2491d9067e129fe02062745f8cf3d5cc185daa36c5ac1d104be7c75461a3b376f2f0fc7f53f3bfdd0c7d1ff1e6c24e5ba9df71d5b8e

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

91.193.75.45:1990

Targets

    • Target

      PURCHASE OREDER. PRINT. pdf.exe

    • Size

      1.1MB

    • MD5

      fe9d2688823fab4c83ab24ca3567d650

    • SHA1

      e0d949307cb7b025d48ff3998248106c1dcd91b2

    • SHA256

      1b494eddfba240b20f7db04845dd82ccf5dcb3f637c03d7853343be8f7d674ab

    • SHA512

      132e35a11162ea1b7d7ff2491d9067e129fe02062745f8cf3d5cc185daa36c5ac1d104be7c75461a3b376f2f0fc7f53f3bfdd0c7d1ff1e6c24e5ba9df71d5b8e

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks