General

  • Target

    2db81d3e2b2588c5155ebf3be7662471.exe

  • Size

    1.1MB

  • Sample

    210420-ctk1nj7ld2

  • MD5

    2db81d3e2b2588c5155ebf3be7662471

  • SHA1

    2d3dd98badce3abbeada81537c708e38ac1fcbd4

  • SHA256

    9190802aebd14316ced550d2102f2650a2b4e3d08ec32e4c95ab722db7206e1f

  • SHA512

    61500e784d9f26b2f1f56158eab5f125597e13f43c9c07a9b8ff4924e9b05bc4245c597efb1fbf1e9b9050db63130a90aaaac9e12118586ffee9ee85c2a0a8f2

Score
10/10

Malware Config

Extracted

Family

remcos

C2

fieldsdegreenf.duckdns.org:6553

aaeeerbbbeee.duckdns.org:6553

Targets

    • Target

      2db81d3e2b2588c5155ebf3be7662471.exe

    • Size

      1.1MB

    • MD5

      2db81d3e2b2588c5155ebf3be7662471

    • SHA1

      2d3dd98badce3abbeada81537c708e38ac1fcbd4

    • SHA256

      9190802aebd14316ced550d2102f2650a2b4e3d08ec32e4c95ab722db7206e1f

    • SHA512

      61500e784d9f26b2f1f56158eab5f125597e13f43c9c07a9b8ff4924e9b05bc4245c597efb1fbf1e9b9050db63130a90aaaac9e12118586ffee9ee85c2a0a8f2

    Score
    10/10
    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

2
T1112

Discovery

System Information Discovery

1
T1082

Tasks