Overview

overview

10

Static

static

1

CONTRACT F...df.exe

windows7_x64

10

CONTRACT F...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CONTRACT FB20172837,pdf.iso

  • Size

    274KB

  • Sample

    210420-t7vbvvbsan

  • MD5

    21149af0bb08bd872471807644ea8c87

  • SHA1

    619fd09d7c9f17912199efef32500c75ae276232

  • SHA256

    30a033122c088c30e0b104040955d3aa0d5c83d1bb25888c83478cab751da97e

  • SHA512

    c5031199748a3cb4a2a8be0cf7568d87062a1f39563b79d262e132206a0454055c7d7a25dd2278c070618605484209e9a28d6abd747d3185c4711b1ee3e5d144

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

blessmegod.ddns.net:3866

Targets

    • Target

      CONTRACT FB20172837,pdf.exe

    • Size

      212KB

    • MD5

      3144fd0af0fcde5fa43d9b4afb5a1fc1

    • SHA1

      347149e4cf1d740a41f2d739f95bb46097f72803

    • SHA256

      03b97c8344d63354e9d3802da05d8124eca355514b3d26dae4d596b925ffe824

    • SHA512

      21182f46eeff57779114127032a8322022eb67218593957dea4b44b255865c504be9c12b1a2b4a38077fb4ab83189f82cf23be04f03b33f89834ed17c4b0f9d9

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks