Overview

overview

10

Static

static

9d84e2e5d8...ad.exe

windows7_x64

10

9d84e2e5d8...ad.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9d84e2e5d8e18157f7da91393112d8ad.exe

  • Size

    762KB

  • Sample

    210119-sqln77xp3a

  • MD5

    9d84e2e5d8e18157f7da91393112d8ad

  • SHA1

    77df25a58864a22c423d31644e635e2f075bbe87

  • SHA256

    b9e467b94e968b2fb26ae2384d400eb37afd49b857644a754918d2d412eb74cc

  • SHA512

    a62996b1981c87e897c0d25e14cc231c71347879024807314eb1a46d736fc1f39f9bd4220b7c8abbe35f35a3e6587659522ba6781091d4d9b0ba1c62e6159917

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

megamoney2021.duckdns.org:26500

79.134.225.13:26500

Targets

    • Target

      9d84e2e5d8e18157f7da91393112d8ad.exe

    • Size

      762KB

    • MD5

      9d84e2e5d8e18157f7da91393112d8ad

    • SHA1

      77df25a58864a22c423d31644e635e2f075bbe87

    • SHA256

      b9e467b94e968b2fb26ae2384d400eb37afd49b857644a754918d2d412eb74cc

    • SHA512

      a62996b1981c87e897c0d25e14cc231c71347879024807314eb1a46d736fc1f39f9bd4220b7c8abbe35f35a3e6587659522ba6781091d4d9b0ba1c62e6159917

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks