General

  • Target

    Atikmdag Patcher 1.4.8.zip

  • Size

    2.1MB

  • Sample

    210123-rj2ssxqq7n

  • MD5

    2f3daadd74f89ab5d113806d85f966de

  • SHA1

    e83d56392bf94a100700766e6d45512d7a2a487e

  • SHA256

    03c3c444a6f345e6f24d66a9e61c13ebab340d71a06a8736e1b452927a2b7da8

  • SHA512

    220fe47221538b917345f676d2bda6f8f24de65a0e35b616f7f5c85db4952d01966b9aec30eb47afbaf61ac0dda4657ad7a56dd5c759b7ab5b4f26cff57cf17c

Score
10/10

Malware Config

Extracted

Family

remcos

C2

37.252.11.23:5858

Targets

    • Target

      Atikmdag Patcher 1.4.8/Atikmdag-Patcher-1.4.8.exe

    • Size

      2.5MB

    • MD5

      7173128b01b36c0911e88fb6cc1c967b

    • SHA1

      db1d76ecf46d95275fa7b0ff7109dd4e6f7dd775

    • SHA256

      e86eb444fe0b44567389ad48953969a60c5bfccadfa1c0e2ec22ada7ad7bd01a

    • SHA512

      b89934ca1ba5ec69149d4267501837079cddc28569f60b84b225f6ea6acea8c1b55af163b05305e147b4dcb5f182f7cac2e127e6ec4acdde6c02a487887968b6

    Score
    10/10

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

System Information Discovery (T1082), 1 signature

Tasks