POEA DELISTED AGENCIES (BATCH A).PDF.exe

General

Target: POEA DELISTED AGENCIES (BATCH A).PDF.exe
Size: 515KB
Sample: 210218-9ss3zgpt1n
Score: 10/10
MD5: 217179aac1ed3994614e7c8666d2f82b
SHA1: d62998531aea7d6acb9d0add1f168739e2e9eab1
SHA256: 0bfae38c37f8478cfd4c92f603b202f8f4bff11f96fdce5959eeaad5142d9a3a
SHA512: fd70c49c0fb1df2606e2496497656a4d23ab9868b227a1fef62ff4fa321952964bcd64f70bad1b1a8d763f4985264f1edd6ff19f0b6441bf214f2a37363179ce

Malware Config

Extracted

Family: remcos
C2: shahzad73.casacam.net:2404, shahzad73.ddns.net:2404

Signatures

  • Remcos
    Description: Remcos is a closed-source remote control and surveillance software.
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns (no techniques mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10