General

  • Target

    SecuriteInfo.com.Trojan.Siggen13.10810.1172.8309

  • Size

    547KB

  • Sample

    210421-azyth8bbj2

  • MD5

    acbd9fc7eb373a859ad632083defb499

  • SHA1

    6360faba83a241b4c12883acbd02489457b068bd

  • SHA256

    8156b58e3c433b45ab29498fe69e2a506167283f9bc09a5310a117a360ba76f0

  • SHA512

    d742d5e7932a74a5451bc15b739e8ea9e12d201860008bd3b06651a691a3c4fe5dbd7b25b0899588db47949fcb212a010d9417a42697051d441df0cd12561b42

Score
10/10

Malware Config

Extracted

Family

remcos

C2

46.183.220.61:2404

Targets

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic           Technique                            Count  ID
Persistence      Registry Run Keys / Startup Folder   1      T1060
Defense Evasion  Modify Registry                      1      T1112
Discovery        System Information Discovery         1      T1082
