Quotation6547558,pdf.exe

General
Target

Quotation6547558,pdf.exe

Size

706KB

Sample

210217-mehssfhd7x

Score
10 /10
MD5

8dbeaa2200e3dd4d09247606d25bec31

SHA1

72265ac4686a37571cdd1f7a6961853de166dc00

SHA256

e45bc4ce4e4f84bedc7ec144517df1d16ea97b1803fa1b3cf21c581390b50bf8

SHA512

c73fbe6c7300ccb33e6b293ab6218d605e52e20651a3bf22f2c51b2326fe63bd7b4b0978dbd190d714c3d889eb2d9256c62722d2180eba1e082db531d30f3ef2

Malware Config

Extracted

Family remcos
C2

favour2021.ddns.net:1990

Targets
Target

Quotation6547558,pdf.exe

MD5

8dbeaa2200e3dd4d09247606d25bec31

Filesize

706KB

Score
10 /10
SHA1

72265ac4686a37571cdd1f7a6961853de166dc00

SHA256

e45bc4ce4e4f84bedc7ec144517df1d16ea97b1803fa1b3cf21c581390b50bf8

SHA512

c73fbe6c7300ccb33e6b293ab6218d605e52e20651a3bf22f2c51b2326fe63bd7b4b0978dbd190d714c3d889eb2d9256c62722d2180eba1e082db531d30f3ef2

Tags

Signatures

  • Remcos

    Description

    Remcos is a closed-source remote control and surveillance software.

    Tags

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    behavioral1

                    10/10

                    behavioral2

                    10/10