Overview

overview

10

Static

static

REQUEST FO...10.exe

windows7_x64

10

REQUEST FO...10.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    REQUEST FOR QUOTATION - PR30016810.exe

  • Size

    1.2MB

  • Sample

    210416-md5ym2xt3s

  • MD5

    ff100e2d9f8b2f265f22f164d67d83d6

  • SHA1

    ddeec70d99fcaa98db7f417ad5fc2fa724b0c252

  • SHA256

    c85d33153d768a2f98066c8ba07e58890cbac4c185e4ef45739fb03750e1088b

  • SHA512

    0030f38b15e4f455ff970a433e1428eff4511665a417ebc264ae19ea2be5ceda369cbc1d60bb914280d3a8e4b2dffd2c37e93a4362ce39b1bbe5d83418d593fc

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

103.89.88.238:4292

Targets

    • Target

      REQUEST FOR QUOTATION - PR30016810.exe

    • Size

      1.2MB

    • MD5

      ff100e2d9f8b2f265f22f164d67d83d6

    • SHA1

      ddeec70d99fcaa98db7f417ad5fc2fa724b0c252

    • SHA256

      c85d33153d768a2f98066c8ba07e58890cbac4c185e4ef45739fb03750e1088b

    • SHA512

      0030f38b15e4f455ff970a433e1428eff4511665a417ebc264ae19ea2be5ceda369cbc1d60bb914280d3a8e4b2dffd2c37e93a4362ce39b1bbe5d83418d593fc

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks