Overview

overview

10

Static

static

sB2ppXd9nd1DsMC.exe

windows7_x64

10

sB2ppXd9nd1DsMC.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sB2ppXd9nd1DsMC.exe

  • Size

    831KB

  • Sample

    210119-knek6276f2

  • MD5

    6471f431e11c4285b7ba8ac3c3e71ad9

  • SHA1

    46f5265999242b24f5ff5cae831709b616a2c381

  • SHA256

    b76e862dccd0da9b40dccf294bef402dc7a34185449bf55b022eb79dc8ce6e23

  • SHA512

    095f5ed132db126a2f4571d3209fb697a609f75887d2a37a8630d5397f7422288d1903b2f21b62138be8644fe1fe9ca1c0537076a541fa9cecb1cb57779dd5f4

Score
10/10
remcosratspyware

Malware Config

Extracted

Family

remcos

C2

185.244.26.241:1989

Targets

    • Target

      sB2ppXd9nd1DsMC.exe

    • Size

      831KB

    • MD5

      6471f431e11c4285b7ba8ac3c3e71ad9

    • SHA1

      46f5265999242b24f5ff5cae831709b616a2c381

    • SHA256

      b76e862dccd0da9b40dccf294bef402dc7a34185449bf55b022eb79dc8ce6e23

    • SHA512

      095f5ed132db126a2f4571d3209fb697a609f75887d2a37a8630d5397f7422288d1903b2f21b62138be8644fe1fe9ca1c0537076a541fa9cecb1cb57779dd5f4

    Score
    10/10
    remcosratspyware

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks