Overview

overview

10

Static

static

EXTRACTOSE...68.exe

windows7_x64

10

EXTRACTOSE...68.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EXTRACTOSERFINANZA596054271198721911813685868.exe

  • Size

    132KB

  • Sample

    210418-t3b9mgsrzx

  • MD5

    01d7130213e93b5f7dc328439f3f426f

  • SHA1

    0c613f6efb7a45637545e946dae905751361821b

  • SHA256

    532156143b3090b5036a00550bcd98e05d7805ccbbeb2170ae26888d626a64ac

  • SHA512

    ac113aef20e05572d549f7271cdf73808699fe1395741c4ba220c986def3d4534473a84e2b4eed341f3aad2029e6e48e05a9d3e3caf06363edbf784ce2aade02

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

databasepropersonombrecomercialideasearchwords.services:3521

Targets

    • Target

      EXTRACTOSERFINANZA596054271198721911813685868.exe

    • Size

      132KB

    • MD5

      01d7130213e93b5f7dc328439f3f426f

    • SHA1

      0c613f6efb7a45637545e946dae905751361821b

    • SHA256

      532156143b3090b5036a00550bcd98e05d7805ccbbeb2170ae26888d626a64ac

    • SHA512

      ac113aef20e05572d549f7271cdf73808699fe1395741c4ba220c986def3d4534473a84e2b4eed341f3aad2029e6e48e05a9d3e3caf06363edbf784ce2aade02

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks