Overview

overview

10

Static

static

Urgente RF...df.exe

windows7_x64

10

Urgente RF...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Urgente RFQ_AP65425652_032421,pdf.iso

  • Size

    814KB

  • Sample

    210416-lg6bqz3hh2

  • MD5

    b52f3174e234ddf45e8e6e5b50bfdd45

  • SHA1

    9bd8949818efbe03068ebf9f299d127abfe8f2cd

  • SHA256

    87a00c4c09ffb99509f199799a434545c1a3db4fe1b31690c6f1b0244ebf1d06

  • SHA512

    e86fc508939d86bf9958f33f6baec615a0b0af4277316659ebdac60db700670b9bdf8253909a1a80db7dc046fa09619729022df470336d0b9c479c820f648ee8

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

ongod4life.ddns.net:4344

Targets

    • Target

      Urgente RFQ_AP65425652_032421,pdf.exe

    • Size

      752KB

    • MD5

      0a04a9709b0ed80c0bbd55c1fa40dbad

    • SHA1

      9bd51b9b23cc00bb939308a119d044406087d58f

    • SHA256

      03e8013bba11c526e074a525d7dc96153a7794d579880cb6446e57a37c8be72a

    • SHA512

      812f12a9f2f547674dcc11c78b81910744ab1aada376158b1905392df035254aaf7f62a102d93eb9176f261d017ba77d070a9ac0f4cb4ce5404956b91bc43519

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks