Overview

overview

10

Static

static

VINCPORPRO...09.exe

windows7_x64

10

VINCPORPRO...09.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VINCPORPROCEPORFRAUFIS346440007 VINCPORPROCEPORFRAUFIS346440009.exe

  • Size

    571KB

  • Sample

    210416-4vwy27mtz6

  • MD5

    49fb65d6058d42c8eded715bf9029c57

  • SHA1

    7eb2579aaae05ea1c30d2d71cd349857e725ed08

  • SHA256

    258853d56c202ea083607ec4d523335ed00c948afbf926f3cb62b4e962531812

  • SHA512

    d54d6fe594988e322755e177910fb815632a9e44b476a1da91c7605715de4968286f1d16e557e2baa8450c543380ceecd3d97e1ae5adea0466ad30174385b920

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

indira8923.duckdns.org:1717

Targets

    • Target

      VINCPORPROCEPORFRAUFIS346440007 VINCPORPROCEPORFRAUFIS346440009.exe

    • Size

      571KB

    • MD5

      49fb65d6058d42c8eded715bf9029c57

    • SHA1

      7eb2579aaae05ea1c30d2d71cd349857e725ed08

    • SHA256

      258853d56c202ea083607ec4d523335ed00c948afbf926f3cb62b4e962531812

    • SHA512

      d54d6fe594988e322755e177910fb815632a9e44b476a1da91c7605715de4968286f1d16e557e2baa8450c543380ceecd3d97e1ae5adea0466ad30174385b920

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks