General

  • Target

    93d5a6c80343c85fb4aedd5b1de38613.exe

  • Size

    128KB

  • Sample

    210420-wsczln5kfa

  • MD5

    93d5a6c80343c85fb4aedd5b1de38613

  • SHA1

    12e13aba5ea9dc2d86030befeac7c124dc17a6eb

  • SHA256

    9626b19106a81d22416acbbe7ea291de316ca3a8f359beb9fe09850649fd5292

  • SHA512

    6d30c5c43db627499332d43c1bb0f176be5a26679554229ec493c44342e77093a03e6b5f5576df28cb17d2b6392b3e979d5551393519c187620c9e8856c68e52

Score
10/10

Malware Config

Extracted

Family

remcos

C2

sandshoe.myfirewall.org:2415

Targets

    • Target

      93d5a6c80343c85fb4aedd5b1de38613.exe

    • Size

      128KB

    • MD5

      93d5a6c80343c85fb4aedd5b1de38613

    • SHA1

      12e13aba5ea9dc2d86030befeac7c124dc17a6eb

    • SHA256

      9626b19106a81d22416acbbe7ea291de316ca3a8f359beb9fe09850649fd5292

    • SHA512

      6d30c5c43db627499332d43c1bb0f176be5a26679554229ec493c44342e77093a03e6b5f5576df28cb17d2b6392b3e979d5551393519c187620c9e8856c68e52

    Score
    10/10

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence: Registry Run Keys / Startup Folder, T1060 (1)

  • Defense Evasion: Modify Registry, T1112 (1)

  • Discovery: System Information Discovery, T1082 (1)

Tasks