Overview

overview

10

Static

static

FORMAENWOR...04.exe

windows7_x64

10

FORMAENWOR...04.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FORMAENWORDDELPROCEP364440002 FORMAENWORDDELPROCEP364440004.exe

  • Size

    955KB

  • Sample

    210412-7ncf53btfs

  • MD5

    66bc12a8ad1e13c3e6dd65bd6db4790a

  • SHA1

    61048635297de9edf916ab5c2bbeeac865cad997

  • SHA256

    419000b66f04ce0f9b5b3b9f4825d4b68d21df27e99d02b483bd96aa240413d7

  • SHA512

    0f9fe805f7926a686382da2acc24da889be640b1951eb1a68c4f853aca56e7f3b1ff13d213d419f18e64b49f7a1c38edec556e2531d89c44e02755b286cec1aa

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

portugal16.duckdns.org:1717

Targets

    • Target

      FORMAENWORDDELPROCEP364440002 FORMAENWORDDELPROCEP364440004.exe

    • Size

      955KB

    • MD5

      66bc12a8ad1e13c3e6dd65bd6db4790a

    • SHA1

      61048635297de9edf916ab5c2bbeeac865cad997

    • SHA256

      419000b66f04ce0f9b5b3b9f4825d4b68d21df27e99d02b483bd96aa240413d7

    • SHA512

      0f9fe805f7926a686382da2acc24da889be640b1951eb1a68c4f853aca56e7f3b1ff13d213d419f18e64b49f7a1c38edec556e2531d89c44e02755b286cec1aa

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks