Overview

overview

10

Static

static

SERFINANZA...14.exe

windows7_x64

10

SERFINANZA...14.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SERFINANZAEXTRACTO283816558547438357773985414.exe

  • Size

    128KB

  • Sample

    210419-6shx5y4ys6

  • MD5

    b82490dbb12159cc752ec64995dd7348

  • SHA1

    efffc1c5cb6674da0fa4ea282cb7029284a49bef

  • SHA256

    ae0e4f562ecbe6754699d92948d01d4080401d92bb2778e0d2f2ca7caf787cee

  • SHA512

    49823e6a327d9540bf4ca8a31e8abf598ce27a8d7fb6a12ee6f86e9d2c170877eb4c4b73ada4864d3bdf91b50673a9d7b504ba1e01f24401391d5cb4775f9218

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

databasepropersonombrecomercialideasearchwords.services:3521

Targets

    • Target

      SERFINANZAEXTRACTO283816558547438357773985414.exe

    • Size

      128KB

    • MD5

      b82490dbb12159cc752ec64995dd7348

    • SHA1

      efffc1c5cb6674da0fa4ea282cb7029284a49bef

    • SHA256

      ae0e4f562ecbe6754699d92948d01d4080401d92bb2778e0d2f2ca7caf787cee

    • SHA512

      49823e6a327d9540bf4ca8a31e8abf598ce27a8d7fb6a12ee6f86e9d2c170877eb4c4b73ada4864d3bdf91b50673a9d7b504ba1e01f24401391d5cb4775f9218

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks