Overview

overview

10

Static

static

SecuriteIn...24.exe

windows7_x64

3

SecuriteIn...24.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Artemis326CF1417127.2024

  • Size

    20KB

  • Sample

    210122-wsvltb6vhx

  • MD5

    326cf1417127868c96d367f522a0b260

  • SHA1

    238b48e5544d5654fadfaa25a2a55b024452ad6b

  • SHA256

    9d694e2995af1dbbf8f6dda2eb0cdcb80428269918a9d47b8833d98536194c41

  • SHA512

    732a70a05db0e21cf95667624721a79cb648fc716a52210a803b7e8ecc23145b9a76b23041af67390def445512a4185d29ff0b0afb55da925fd1c2c913fd9a12

Score
10/10
remcospersistenceransomwarerat

Malware Config

Extracted

Family

remcos

C2

wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996

Targets

    • Target

      SecuriteInfo.com.Artemis326CF1417127.2024

    • Size

      20KB

    • MD5

      326cf1417127868c96d367f522a0b260

    • SHA1

      238b48e5544d5654fadfaa25a2a55b024452ad6b

    • SHA256

      9d694e2995af1dbbf8f6dda2eb0cdcb80428269918a9d47b8833d98536194c41

    • SHA512

      732a70a05db0e21cf95667624721a79cb648fc716a52210a803b7e8ecc23145b9a76b23041af67390def445512a4185d29ff0b0afb55da925fd1c2c913fd9a12

    Score
    10/10
    remcospersistenceransomwarerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks