Overview

overview

10

Static

static

Product List 01.xlsx

windows7_x64

10

Product List 01.xlsx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Product List 01.xlsx

  • Size

    2.4MB

  • Sample

    210119-8gbqfev66x

  • MD5

    44015f105e6b64a770d80ab510b4f7a9

  • SHA1

    eee4ed694385ccc3fe9896ceb2fb5c118c260a58

  • SHA256

    e2569ec36e92c20060f47e60994da1ec8fbe203a2a5dfd60a3624d7eae7355b6

  • SHA512

    f01e9865ee81a8b1978990f64a45201074aee682e7ef77c846276a9d79f57348f3575ea450b1a0dbd4c9b5aa8bab91428d894e6e4fa3ec7ff780dd80487eba95

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

grtwyagvbxnzmklopmdhsyuwaszxbyhredsnmko.ydns.eu:2006

Targets

    • Target

      Product List 01.xlsx

    • Size

      2.4MB

    • MD5

      44015f105e6b64a770d80ab510b4f7a9

    • SHA1

      eee4ed694385ccc3fe9896ceb2fb5c118c260a58

    • SHA256

      e2569ec36e92c20060f47e60994da1ec8fbe203a2a5dfd60a3624d7eae7355b6

    • SHA512

      f01e9865ee81a8b1978990f64a45201074aee682e7ef77c846276a9d79f57348f3575ea450b1a0dbd4c9b5aa8bab91428d894e6e4fa3ec7ff780dd80487eba95

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Exploitation for Client Execution

1
T1203

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks