General

  • Target: NEW PURCHASE ORDER LISTED ITEMS.rar
  • Size: 458KB
  • Sample: 210420-5fgc4tbf9x
  • MD5: 4736e19835fac923db7a0d52c2988edd
  • SHA1: 6892fe1747a9ba18afdc31c74b1afbed0ac0b684
  • SHA256: 9c46d85d692df86280e483d3d3814b0d46f14e9469df7f4f0e53253a1e8f8e98
  • SHA512: 2aaf4e00a7b4018fd83f6bd1e4522bae1b08e19a986e739c9d94b55b063e48e2edb53dbea06cf40dccd61f77c49d57cf3d23484b5c8602c8bc1734e4e6edfdf3

Score
10/10

Malware Config

Extracted

  • Family: remcos
  • C2: 79.134.225.49:1953

Targets

    • Target: NEW PURCHASE ORDER LISTED ITEMS.exe
    • Size: 645KB
    • MD5: 5e8ff1a9ec1192bae73ec97729e46d63
    • SHA1: 2efd06ad72483238327a9570043159d0ab9ece34
    • SHA256: 15acacbd5c928108c9db5e319f23e493f45c3a0c8e8b979f7e760675f916ae2b
    • SHA512: a083c78f12bb5d40c9141d12781d3bf013347d0345307df1d6533753b40dac5f26e8e75610bc5b84821525670af42cc4a2736ba868359548290985593453e146

    Score
    10/10

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the classic final step of process hollowing: the loader starts a legitimate binary suspended, writes its payload into that process, and redirects the main thread to the injected code. Taken together with the previous signature, this points at a loader that hides the Remcos payload inside a trusted Windows binary, so the network connection to the C2 should be expected to come from that host process rather than from the original executable.
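A minimal way to put this report to use in an environment is to match the indicators it lists: the four digests of the dropper and the extracted executable, and the C2 endpoint from the extracted config. The following script is an added example and not part of the sandbox report; it embeds the hashes and C2 from the sections above, and the file contents and connection-log lines it checks are constructed for the demo (the log format, the host names and the process name are assumptions, not something the report shows). It deliberately reports an IP-only match at a lower confidence than an IP-plus-port match, because a C2 host can serve other ports or other tenants.

```python
"""IOC matching for the Remcos sample in this report.

Added example, not part of the original sandbox report. The hashes and the
C2 endpoint are copied from the report; every input checked below is
constructed for the demo.
"""
import hashlib
import re
from typing import Dict, List, Set, Tuple

# Hashes copied from the report: the .rar dropper and the extracted .exe.
IOC_HASHES: Dict[str, Set[str]] = {
    "md5": {
        "4736e19835fac923db7a0d52c2988edd",
        "5e8ff1a9ec1192bae73ec97729e46d63",
    },
    "sha1": {
        "6892fe1747a9ba18afdc31c74b1afbed0ac0b684",
        "2efd06ad72483238327a9570043159d0ab9ece34",
    },
    "sha256": {
        "9c46d85d692df86280e483d3d3814b0d46f14e9469df7f4f0e53253a1e8f8e98",
        "15acacbd5c928108c9db5e319f23e493f45c3a0c8e8b979f7e760675f916ae2b",
    },
    "sha512": {
        "2aaf4e00a7b4018fd83f6bd1e4522bae1b08e19a986e739c9d94b55b063e48e2edb53dbea06cf40dccd61f77c49d57cf3d23484b5c8602c8bc1734e4e6edfdf3",
        "a083c78f12bb5d40c9141d12781d3bf013347d0345307df1d6533753b40dac5f26e8e75610bc5b84821525670af42cc4a2736ba868359548290985593453e146",
    },
}

# Remcos C2 from the extracted config in the report.
C2_HOST = "79.134.225.49"
C2_PORT = 1953

# Expected hex-digest lengths, used to catch copy/paste damage in the IOC set.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def iocs_well_formed(iocs: Dict[str, Set[str]] = IOC_HASHES) -> bool:
    """True when every listed hash is lowercase hex of the right length for its algorithm."""
    return all(
        alg in HEX_LEN
        and len(h) == HEX_LEN[alg]
        and re.fullmatch(r"[0-9a-f]+", h) is not None
        for alg, hashes in iocs.items()
        for h in hashes
    )


def digests(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists, so any one of them can match."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HEX_LEN}


def match_file_bytes(data: bytes, iocs: Dict[str, Set[str]] = IOC_HASHES) -> Set[str]:
    """Return the algorithms under which `data` matches a listed hash (empty set = no match)."""
    return {alg for alg, value in digests(data).items() if value in iocs.get(alg, set())}


# Constructed connection-log format (an assumption): "... dst=<ip> dport=<port> ..."
_CONN_RE = re.compile(r"dst=(\d{1,3}(?:\.\d{1,3}){3})\s+dport=(\d+)")


def scan_connections(lines: List[str]) -> List[Tuple[str, str]]:
    """Flag log lines that talk to the C2.

    "ip+port" is a high-confidence hit on the extracted config; "ip-only" is
    weaker (the host may serve other ports or other tenants) and is reported
    with that label rather than silently dropped.
    """
    hits: List[Tuple[str, str]] = []
    for line in lines:
        m = _CONN_RE.search(line)
        if m is None:
            continue
        ip, port = m.group(1), int(m.group(2))
        if ip == C2_HOST:
            hits.append((line, "ip+port" if port == C2_PORT else "ip-only"))
    return hits


# Constructed sample log lines (hosts, process name and timestamps are made up).
SAMPLE_LOG = [
    "2021-04-20T10:12:33Z host=WS01 proc=purchase_order.exe dst=79.134.225.49 dport=1953 proto=tcp",
    "2021-04-20T10:12:35Z host=WS01 proc=browser.exe dst=203.0.113.7 dport=443 proto=tcp",
    "2021-04-20T10:13:01Z host=WS02 proc=purchase_order.exe dst=79.134.225.49 dport=443 proto=tcp",
]

if __name__ == "__main__":
    if not iocs_well_formed():
        raise SystemExit("IOC table is malformed; check the hashes")
    print("hash match on placeholder bytes:", match_file_bytes(b"placeholder"))
    for line, level in scan_connections(SAMPLE_LOG):
        print(level, "->", line)
```

Hashing the actual sample is the strongest check but only catches this exact dropper and payload; a rebuilt Remcos binary with the same config will have different digests, which is why the C2 endpoint from the extracted config is the indicator worth carrying into network telemetry.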

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                      Count  ID
  Execution              Scripting                      1      T1064
  Execution              Scheduled Task                 1      T1053
  Persistence            Scheduled Task                 1      T1053
  Privilege Escalation   Scheduled Task                 1      T1053
  Defense Evasion        Scripting                      1      T1064
  Discovery              System Information Discovery   1      T1082

The IDs are from ATT&CK v6. In later versions T1064 (Scripting) was deprecated in favour of T1059 (Command and Scripting Interpreter), and Scheduled Task became the T1053.005 sub-technique of T1053 (Scheduled Task/Job), so map them before comparing against a current coverage matrix.

Tasks