General

  • Target

    Appraisa-reportl11002275444900.zip

  • Size

    1KB

  • Sample

    210421-tn7ekfa8wj

  • MD5

    e8ca9498986b1c304ad639874335339f

  • SHA1

    4788b8c8ecbaa525739b787230221b7173806e36

  • SHA256

    6fdcc4b886c1ddcd5a76bfb4f8c79cf39f7c3c3fbe08cee92fa5a8eeafc57e43

  • SHA512

    ea39f54d80b551af073b901e48cc715c651092a918036887eac0daf67c33c99e8124e6381c6db5b9bae1abc05723e1b9c1ef0db48cb8b3c580a3b4b34cdc69bb

Score
10/10

Malware Config

Extracted

Family

remcos

C2

194.5.97.183:8888

Targets

    • Target

      Appraisa.vbs

    • Size

      662B

    • MD5

      2e95d045ff86903502b52f5fd0976aad

    • SHA1

      c74e479ff249f1e8c248b8a67e318a61b1f1d5e4

    • SHA256

      dae93e987a854255ff55ce9f62729f17f57d3f8a56933a57cb8de89b698e81f0

    • SHA512

      0427fa613d91d41c98dfb7d9a964c74857813959f427eb060a1a39c2cf289235aaa0aec6015cea8d7bd16da1e14bae3ba88c998780d33ea6faf9d0b8102264df

    Score
    10/10
    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    • Target

      Property.hta

    • Size

      892B

    • MD5

      aa6ce10d162230b25a61485b825e63f7

    • SHA1

      3c67a18949e8ce67895f3faecd1ad0700afcb676

    • SHA256

      59d9dea1d62242b9bef74b91343ed8ef56525dfd9d0a9014494f487a15686fc0

    • SHA512

      5f4d58f15b5020fb0506ce52b09737ba7beb0743a1bc1b77086ec16875f30e3114e84ae3f8a18b19755634ec124cb5254da2d24901317ab98591b20750c9de45

    Score
    10/10
    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

2
T1082

Tasks