General

  • Target

    DHL Delivery Shipping Cargo. Pdf.exe

  • Size

    647KB

  • Sample

    210120-2fsyt5kzv6

  • MD5

    aecd80e489a97289022b0dd07323a6b5

  • SHA1

    d14b273a6ebee84b0d1d9fd35361dbdaf1977617

  • SHA256

    09be972858f7ed888f35048caf1f20787063e5b26777446b5ae5fa621fd577f4

  • SHA512

    5a1d640aa975eab9e34400a94863bd4e8d270350d3e3e01b654425a464b6e5bea5e99f94498c5284b26c8878e2490045443a26dbcf6fe737727edf06a9f2737d

Score
10/10

Malware Config

Extracted

Family

remcos

C2

mikegrace2021.ddns.net:1999

Targets

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

Tasks