Overview

overview

10

Static

static

SecuriteIn...82.exe

windows7_x64

5

SecuriteIn...82.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.BehavesLike.Win32.Generic.tz.13482

  • Size

    1.3MB

  • Sample

    210121-4shyqx5wss

  • MD5

    e9b6740e41a0542f4ad328e00acd7afb

  • SHA1

    98b5cb95aa4cbb0c97a772a2d76592a7c3ffc87c

  • SHA256

    aad93ff025a725de6d3746c2e98126105b7a7f126b7340c540e13fa861c9e268

  • SHA512

    51f60dd1907f6eddc5c29260b8c88714792a0083f09745479db4aed5deb188be1e07740fbe2bc467eef4174d06d6c5899f4499ae11f82699d011222a1f1209c1

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

grtwyagvbxnzmklopmdhsyuwaszxbyhredsnmko.ydns.eu:2006

Targets

    • Target

      SecuriteInfo.com.BehavesLike.Win32.Generic.tz.13482

    • Size

      1.3MB

    • MD5

      e9b6740e41a0542f4ad328e00acd7afb

    • SHA1

      98b5cb95aa4cbb0c97a772a2d76592a7c3ffc87c

    • SHA256

      aad93ff025a725de6d3746c2e98126105b7a7f126b7340c540e13fa861c9e268

    • SHA512

      51f60dd1907f6eddc5c29260b8c88714792a0083f09745479db4aed5deb188be1e07740fbe2bc467eef4174d06d6c5899f4499ae11f82699d011222a1f1209c1

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks