Overview

overview

10

Static

static

Alıntı.exe

windows7_x64

10

Alıntı.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Alıntı.exe

  • Size

    830KB

  • Sample

    210125-j6x1r845m6

  • MD5

    cb6f7aa8475416055d6a363c4c0617dd

  • SHA1

    ceb31f102bd5d5bf63da93db0c44936b411de2e0

  • SHA256

    2b1530546744e05fc3e002b3db398e90449e6eab2aa259a691f5fb5d7bf49664

  • SHA512

    eb525403949ad3715c20183a4f5140f21a63b88895bc6ed9333f7684f43f409e6c14e956a6256df35526fa885a1a2ba719d2a006475e281d1f1c75a2c9727af1

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

whatgodcannotdodoestnotexist.duckdns.org:2559

Targets

    • Target

      Alıntı.exe

    • Size

      830KB

    • MD5

      cb6f7aa8475416055d6a363c4c0617dd

    • SHA1

      ceb31f102bd5d5bf63da93db0c44936b411de2e0

    • SHA256

      2b1530546744e05fc3e002b3db398e90449e6eab2aa259a691f5fb5d7bf49664

    • SHA512

      eb525403949ad3715c20183a4f5140f21a63b88895bc6ed9333f7684f43f409e6c14e956a6256df35526fa885a1a2ba719d2a006475e281d1f1c75a2c9727af1

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks