Overview

overview

10

Static

static

RR.exe

windows7_x64

10

RR.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RR.exe

  • Size

    803KB

  • Sample

    210415-9sxnn6gecn

  • MD5

    f31d91bf0dde9b21c9ab64883fe5e022

  • SHA1

    675362cb546323a38842f3dbd000def375f9760f

  • SHA256

    39fc3bd4df8f4ef4f7ceaa9d41626bf066fa423db69713eaf3105e4bf97fc3da

  • SHA512

    0f4e66006d71f37b2179d67a905923868ef0832aefa1929e7d9d0fa9d4ef7278d7509579463ff7b3a3d6f3992f4816c2e82975df5c4ed982d4b1ed6b06071ab9

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

shahzad73.ddns.net:2404

shahzad73.casacam.net:2404

Targets

    • Target

      RR.exe

    • Size

      803KB

    • MD5

      f31d91bf0dde9b21c9ab64883fe5e022

    • SHA1

      675362cb546323a38842f3dbd000def375f9760f

    • SHA256

      39fc3bd4df8f4ef4f7ceaa9d41626bf066fa423db69713eaf3105e4bf97fc3da

    • SHA512

      0f4e66006d71f37b2179d67a905923868ef0832aefa1929e7d9d0fa9d4ef7278d7509579463ff7b3a3d6f3992f4816c2e82975df5c4ed982d4b1ed6b06071ab9

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks