Overview

overview

10

Static

static

AKBANK E-DEKONT.exe

windows7_x64

10

AKBANK E-DEKONT.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AKBANK E-DEKONT.exe

  • Size

    530KB

  • Sample

    210120-af33ft8ckx

  • MD5

    860767d5cca20c73f2824af9dd531c2c

  • SHA1

    4c2e344e91d2fb6a3cb192c751c2f73961408c29

  • SHA256

    38ae495598f7ea60de08fbdef9f15051a7be606ce0c532766cddb4d13de6b8e3

  • SHA512

    8996f266d8755a6106816a06d25ded34596e62fc71d7d65af7cd10b8b3d7e4c0e2eb2f7bb46d256fa57023d7fed6ae81f5c2c0bab011c83fddcffe50ae16cc50

Score
10/10
remcosransomwarerat

Malware Config

Extracted

Family

remcos

C2

45.137.22.52:8780

Targets

    • Target

      AKBANK E-DEKONT.exe

    • Size

      530KB

    • MD5

      860767d5cca20c73f2824af9dd531c2c

    • SHA1

      4c2e344e91d2fb6a3cb192c751c2f73961408c29

    • SHA256

      38ae495598f7ea60de08fbdef9f15051a7be606ce0c532766cddb4d13de6b8e3

    • SHA512

      8996f266d8755a6106816a06d25ded34596e62fc71d7d65af7cd10b8b3d7e4c0e2eb2f7bb46d256fa57023d7fed6ae81f5c2c0bab011c83fddcffe50ae16cc50

    Score
    10/10
    remcosransomwarerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks