Overview

overview

10

Static

static

doc0762122...00.exe

windows7_x64

10

doc0762122...00.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    doc07621220210416113300.exe

  • Size

    611KB

  • Sample

    210423-5hn2k17svs

  • MD5

    86a60c76f4734d8e5e664d4296b05d23

  • SHA1

    bbd8bfae7c2449915d071899300aeb3de5030464

  • SHA256

    1dc132d54524bfd99e713b47052ec9fc2a59fcbb46d70c732426cf228446e17e

  • SHA512

    8ac001844e94a5bac88d3abf6f5a1d6a904d0443e29e78c9b41ab7b2f06995ea2a4d78d9829f61467ec2217c2db51b8dc33abda4caab7712c0dbebbb022ffd68

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

www.pakchoob.me:2404

Targets

    • Target

      doc07621220210416113300.exe

    • Size

      611KB

    • MD5

      86a60c76f4734d8e5e664d4296b05d23

    • SHA1

      bbd8bfae7c2449915d071899300aeb3de5030464

    • SHA256

      1dc132d54524bfd99e713b47052ec9fc2a59fcbb46d70c732426cf228446e17e

    • SHA512

      8ac001844e94a5bac88d3abf6f5a1d6a904d0443e29e78c9b41ab7b2f06995ea2a4d78d9829f61467ec2217c2db51b8dc33abda4caab7712c0dbebbb022ffd68

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks