Overview

overview

10

Static

static

New Order ...64.exe

windows7_x64

10

New Order ...64.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New Order QDT 2068864.zip

  • Size

    584KB

  • Sample

    210414-27fg9kq11x

  • MD5

    d1a19c7f4e58e0edd3d97e9c24ab21bd

  • SHA1

    6e7d3d7b3228bb10e0ceb3949237716b4dcaece7

  • SHA256

    1edeede1f752bd813d40e99af6e7a582960c4eb03615750f0b76c9b59cf4fb24

  • SHA512

    cce7e4f1dca0b14b9e6b19bf151c36c60068d5a0cb7af41755197a5c78ad8cbe8a4d391a855e4e22aedc3164fb451e2f9e5cc9f49aef27aaca3853fdc8fb321a

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

103.89.88.238:3322

Targets

    • Target

      New Order QDT 206864.exe

    • Size

      659KB

    • MD5

      c589d8078ef698aa0b05fdbe324e7520

    • SHA1

      dfdbd8800698285753c7b484988bb49560856805

    • SHA256

      3070367628094bec21e5643057a992d9c6a3935b66d425d68cdfb2d070b91240

    • SHA512

      f32805d7981d5af41c4b3cda3ecce80bc093187a8a7b9e2530ab0839b1ae7b668a73e4147f7119ebaae35dde59464bdafc6323cb080965ef9379e07bd943c807

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks