REVISED ORDER 2322020.EXE

General
Target: REVISED ORDER 2322020.EXE
Size: 1MB
Sample: 210223-5133fc361a
Score: 10/10
MD5: 7da140a904417492363f4418cb2a717b
SHA1: a06673b6a33f804a3f9f688231d30e1edf5378d4
SHA256: e4eb73c0e476457f54c9e3a5df6b25ef839e3aac74465ca666c2b2c0bcaaa1f7
SHA512: d75dba2342c80bed03d956f428947ec3e80b9e9423570eebf77c810a3671b728e76106baae606edbef8b96096c1d66165ee43967b2563e1170eb998813e5e03a

Malware Config
Extracted
Family: remcos
C2: marstonstyl247.ddns.net:3234

Targets
Target: REVISED ORDER 2322020.EXE
MD5: 7da140a904417492363f4418cb2a717b
Filesize: 1MB
Score: 10/10
SHA1, SHA256, SHA512: identical to the values listed under General above.

Signatures

  • Remcos
    Description: Remcos is a closed-source remote control and surveillance software.

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

MITRE ATT&CK Matrix
Tactic columns shown: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation (no per-tactic technique entries were captured on the page).

Tasks
static1
behavioral1: 10/10
behavioral2: 10/10