Overview

overview

10

Static

static

Ver PDF ad...E..exe

windows7_x64

10

Ver PDF ad...E..exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ver PDF adjunto de la información URGENTE. Ver PDF adjunto de la información URGENTE..exe

  • Size

    931KB

  • Sample

    210422-yktbcwkqkj

  • MD5

    d71820e1e40817a7b9b8d8ba826acac8

  • SHA1

    758bdda14bec7abd4a8f2a2249a36219dc7a6d43

  • SHA256

    939af6a45d6c3afd50ada0f312602f5850e8fa1d36767475134b7a3f560dcac6

  • SHA512

    3e73a7a77a561b62086a5b215cc0a58501b70fc7f66d6a0aded0a3f83bef93197d8c8f13152cbc9dc846939e263b452e3022626ee56f814ac53490181ff76e98

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

europarem.duckdns.org:1012

Targets

    • Target

      Ver PDF adjunto de la información URGENTE. Ver PDF adjunto de la información URGENTE..exe

    • Size

      931KB

    • MD5

      d71820e1e40817a7b9b8d8ba826acac8

    • SHA1

      758bdda14bec7abd4a8f2a2249a36219dc7a6d43

    • SHA256

      939af6a45d6c3afd50ada0f312602f5850e8fa1d36767475134b7a3f560dcac6

    • SHA512

      3e73a7a77a561b62086a5b215cc0a58501b70fc7f66d6a0aded0a3f83bef93197d8c8f13152cbc9dc846939e263b452e3022626ee56f814ac53490181ff76e98

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks