Overview

overview

10

Static

static

New Order ...64.exe

windows7_x64

10

New Order ...64.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New Order QDT 206864.exe

  • Size

    659KB

  • Sample

    210414-5z92nl9kd2

  • MD5

    c589d8078ef698aa0b05fdbe324e7520

  • SHA1

    dfdbd8800698285753c7b484988bb49560856805

  • SHA256

    3070367628094bec21e5643057a992d9c6a3935b66d425d68cdfb2d070b91240

  • SHA512

    f32805d7981d5af41c4b3cda3ecce80bc093187a8a7b9e2530ab0839b1ae7b668a73e4147f7119ebaae35dde59464bdafc6323cb080965ef9379e07bd943c807

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

103.89.88.238:3322

Targets

    • Target

      New Order QDT 206864.exe

    • Size

      659KB

    • MD5

      c589d8078ef698aa0b05fdbe324e7520

    • SHA1

      dfdbd8800698285753c7b484988bb49560856805

    • SHA256

      3070367628094bec21e5643057a992d9c6a3935b66d425d68cdfb2d070b91240

    • SHA512

      f32805d7981d5af41c4b3cda3ecce80bc093187a8a7b9e2530ab0839b1ae7b668a73e4147f7119ebaae35dde59464bdafc6323cb080965ef9379e07bd943c807

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks