Overview

overview

10

Static

static

POEA DELIS...DF.exe

windows7_x64

10

POEA DELIS...DF.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    POEA DELISTED AGENCIES (BATCH A).PDF.exe

  • Size

    515KB

  • Sample

    210218-9ss3zgpt1n

  • MD5

    217179aac1ed3994614e7c8666d2f82b

  • SHA1

    d62998531aea7d6acb9d0add1f168739e2e9eab1

  • SHA256

    0bfae38c37f8478cfd4c92f603b202f8f4bff11f96fdce5959eeaad5142d9a3a

  • SHA512

    fd70c49c0fb1df2606e2496497656a4d23ab9868b227a1fef62ff4fa321952964bcd64f70bad1b1a8d763f4985264f1edd6ff19f0b6441bf214f2a37363179ce

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

shahzad73.casacam.net:2404

shahzad73.ddns.net:2404

Targets

    • Target

      POEA DELISTED AGENCIES (BATCH A).PDF.exe

    • Size

      515KB

    • MD5

      217179aac1ed3994614e7c8666d2f82b

    • SHA1

      d62998531aea7d6acb9d0add1f168739e2e9eab1

    • SHA256

      0bfae38c37f8478cfd4c92f603b202f8f4bff11f96fdce5959eeaad5142d9a3a

    • SHA512

      fd70c49c0fb1df2606e2496497656a4d23ab9868b227a1fef62ff4fa321952964bcd64f70bad1b1a8d763f4985264f1edd6ff19f0b6441bf214f2a37363179ce

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks