Overview

overview

10

Static

static

NEW PO (PO...12.exe

windows7_x64

10

NEW PO (PO...12.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEW PO (PO#HD512-6 5700)12.zip

  • Size

    941KB

  • Sample

    210415-kprm6753lx

  • MD5

    d6dc3afd4a99d269489b77bd4160a886

  • SHA1

    4f01a610219cf9a409b7393742aca1da34593bb7

  • SHA256

    426d3af918c60fbc12206aa3bc31f47c30f16b69cb7ff8f8de1d381270e12a36

  • SHA512

    49b739b27fdcb87bc887c7b710e525722c4e2324808670b90667fee9bfd9c22ca1dfc0b05afb42d5180002e4602b73ae53befbeb477292d36d302c4558ae4083

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

103.89.88.238:4292

Targets

    • Target

      NEW PO (PO#HD512-6 5700)12.exe

    • Size

      1.1MB

    • MD5

      7c96cee7f960df295f0f3c7c7712db1c

    • SHA1

      092c3059dbc9a3c17da49dc7de4c5883ba2f5040

    • SHA256

      8017cf230cb7f4e72b6128a7e696821749c4990dbd446f8206d948c3ed6530ec

    • SHA512

      0c53259133f97a46732d62814f7b4c52f48bbda3cfda9b45846e7f54a31080da5cf15ee15c89b7e369c0f195f5e46e02e99422487fee6ae84cdd99d19bf11546

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks