Overview

overview

10

Static

static

1

OC CVE6535...df.exe

windows7_x64

10

OC CVE6535...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OC CVE6535 _TVOP-MIO 21(C) 2021,pdf.zip

  • Size

    220KB

  • Sample

    210421-5nl6ssqytx

  • MD5

    6f7a22c8259e06045f435c58b5bea77f

  • SHA1

    6245fc6acb136224917498b61a4d559dd239b3be

  • SHA256

    a86743b847fa22b82c7c17cac4c3af8684f14ba5d7ff4028f123596911ee3835

  • SHA512

    8dbf85f48d9c4d73e6378b7734a586583762f6d512792ddc6f22d5cd1d598d6a07efefd5a7b3fdfee9ddbcd5db0cdddde65cfab57ff5f38b94245f42ebb96904

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

blessmegod.ddns.net:3866

Targets

    • Target

      OC CVE6535 _TVOP-MIO 21(C) 2021,pdf.exe

    • Size

      319KB

    • MD5

      b400ac4dcee9fd535224fcd33224f6b1

    • SHA1

      129db06c1a8281584e1c5440389841a4ea49ec62

    • SHA256

      6cc2dd1c821a1d47200a054998657e3ddec7bc0cd81e4e4a7edffa3f0f3ca724

    • SHA512

      e8fc66b31e231eed6b8a2d0e75351a719ff8d0d5b9b065cdb66fdcefe62bfa44702585523c6be0049ea601513b812efd5536e3e188a40223d9a186aaa061df35

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks