Overview

overview

10

Static

static

NEW PO (PO...12.exe

windows7_x64

10

NEW PO (PO...12.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEW PO (PO#HD512-6 5700)12.exe

  • Size

    1.1MB

  • Sample

    210415-3qr6kp5fh6

  • MD5

    7c96cee7f960df295f0f3c7c7712db1c

  • SHA1

    092c3059dbc9a3c17da49dc7de4c5883ba2f5040

  • SHA256

    8017cf230cb7f4e72b6128a7e696821749c4990dbd446f8206d948c3ed6530ec

  • SHA512

    0c53259133f97a46732d62814f7b4c52f48bbda3cfda9b45846e7f54a31080da5cf15ee15c89b7e369c0f195f5e46e02e99422487fee6ae84cdd99d19bf11546

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

103.89.88.238:4292

Targets

    • Target

      NEW PO (PO#HD512-6 5700)12.exe

    • Size

      1.1MB

    • MD5

      7c96cee7f960df295f0f3c7c7712db1c

    • SHA1

      092c3059dbc9a3c17da49dc7de4c5883ba2f5040

    • SHA256

      8017cf230cb7f4e72b6128a7e696821749c4990dbd446f8206d948c3ed6530ec

    • SHA512

      0c53259133f97a46732d62814f7b4c52f48bbda3cfda9b45846e7f54a31080da5cf15ee15c89b7e369c0f195f5e46e02e99422487fee6ae84cdd99d19bf11546

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks