General

  • Target

    Bestel #7507,pdf.exe

  • Size

    1.5MB

  • Sample

    210120-rljpbmw53s

  • MD5

    a7d0fadab38ba5b3f1dbe288b2c79151

  • SHA1

    ef2d4d3192334ed86f275704daf6d848b5ab95b0

  • SHA256

    fe434d231d4c25398526a8426f47c625c0bdb41c3d11d0787445dcc3192e9eb3

  • SHA512

    c95bed218e208addb5e8af6dd7e12255da80231fbe7107ef24d52fca61357429b388c7b537d463bb13af71747d11177e7cfb153b3d1650cdab1d8815cd0734af

Score
10/10

Malware Config

Extracted

  • Family

    remcos

  • C2

    movement2020.ddns.net:6735

Targets

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks