Overview

overview

10

Static

static

SERFINANZA...14.exe

windows7_x64

10

SERFINANZA...14.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SERFINANZAEXTRACTO728296481601298694807375214.exe

  • Size

    130KB

  • Sample

    210419-7g2ky1kftj

  • MD5

    109b6f8dcadd3cd022666186b003e3db

  • SHA1

    ef1ffdd909287a5395aa875bcd5a25510c61f3fd

  • SHA256

    962166f0ef5b1d6dd3e73c03575b5de20220feabe4f13a63d6441e66d1164563

  • SHA512

    45cf6a6bad6f5e56a4c07eacceb1aa7c781fb0bf67284450b74e4f14a74a653e9c7e8da1c4a12e2cfee0d74d4ce3dd5b9523837dab68ccd954c99adf08a6a715

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

databasepropersonombrecomercialideasearchwords.services:3521

Targets

    • Target

      SERFINANZAEXTRACTO728296481601298694807375214.exe

    • Size

      130KB

    • MD5

      109b6f8dcadd3cd022666186b003e3db

    • SHA1

      ef1ffdd909287a5395aa875bcd5a25510c61f3fd

    • SHA256

      962166f0ef5b1d6dd3e73c03575b5de20220feabe4f13a63d6441e66d1164563

    • SHA512

      45cf6a6bad6f5e56a4c07eacceb1aa7c781fb0bf67284450b74e4f14a74a653e9c7e8da1c4a12e2cfee0d74d4ce3dd5b9523837dab68ccd954c99adf08a6a715

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks