General

  • Target

    atikmdag-patcher 1.4.7.zip

  • Size

    5.6MB

  • Sample

    210120-9qlz1cvkcx

  • MD5

    71b165a31b508643c762c0091c990f6c

  • SHA1

    204994ed47b491def4d325fa0fd40ff3c4f17cb9

  • SHA256

    6059f140c9fada4970a52c064b1314a3c81fbdb73dc35a58a2af8f4945f9c748

  • SHA512

    43c0ac900dc4ac9dc77eb8908f773714dc80ffb889b625af0869ab1226e8521f96cf3682629776a5e7be0a3a46d9832805ad2684b9338d1921a4af31c01edf89

Score
10/10

Malware Config

Extracted

Family

remcos

C2

5.61.53.13:8000

Targets

    • Target

      atikmdag-patcher 1.4.7/atikmdag-patcher.exe

    • Size

      2.9MB

    • MD5

      c3913cc50ad4f1fb71ff6f47421508fe

    • SHA1

      e4d6183d5605315f4689e24125400f2d9601109b

    • SHA256

      83dbf6453c82e3deec82ef5a21a6ff548854f3297f4d6e5a41e1946fba5cad0d

    • SHA512

      9ab38166baa24503f388508ea8ad96c72323a4051c9c685a28f9a84438a3db0698554b6e2467dacf18715fb551afae37431e95a19bbdfd34309aa00af85bf7ea

    Score
    10/10

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082), 1 hit