Overview

overview

10

Static

static

FV02700013...df.exe

windows7_x64

10

FV02700013...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FV027000130023; ASORIOFRIO SAS; FACTURACION ELECTRONICApdf.exe

  • Size

    1.3MB

  • Sample

    210120-1rrvjxedhj

  • MD5

    a19f05f20d0763c0d7794ff03d8db8d4

  • SHA1

    78f4586c4e318ff44d4886ac5665cdebe9f0196e

  • SHA256

    db1c03a38ddda7f85b4d812e7aa84f11464b02719cb621d21289464fd7e14fa0

  • SHA512

    ffda1d8f6544bd3d048585f8129166880bb08a90983f99c10c22103ff14c07de12da6259ed4d9f0e494a514e3b53cbcff2f4ff242e92af5ea5cf25bcf1e7895e

Score
10/10
remcosransomwarerat

Malware Config

Extracted

Family

remcos

C2

starkduck0001.duckdns.org:9403

Targets

    • Target

      FV027000130023; ASORIOFRIO SAS; FACTURACION ELECTRONICApdf.exe

    • Size

      1.3MB

    • MD5

      a19f05f20d0763c0d7794ff03d8db8d4

    • SHA1

      78f4586c4e318ff44d4886ac5665cdebe9f0196e

    • SHA256

      db1c03a38ddda7f85b4d812e7aa84f11464b02719cb621d21289464fd7e14fa0

    • SHA512

      ffda1d8f6544bd3d048585f8129166880bb08a90983f99c10c22103ff14c07de12da6259ed4d9f0e494a514e3b53cbcff2f4ff242e92af5ea5cf25bcf1e7895e

    Score
    10/10
    remcosransomwarerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks