General

  • Target

    m1WOP5oC15Xaepo.exe

  • Size

    784KB

  • Sample

    210424-bc7a6ddv2a

  • MD5

    3441e57f22d51b7bc539595450ee1dd6

  • SHA1

    cd77031b1df0ec4e2d10fe4077674783270d6c4e

  • SHA256

    30552657a06df54de322d5d689ca77d2cacbf8e85136ca915843c9a99e4f26c0

  • SHA512

    b05c84cb74ab5cdd17e8778712febb9c193ff29d38b461463f6000723f90040ad531a6274a660c00798c3cf6c31f1b71b4f9f8166be3620c6f569e19f78c066c

Score
10/10

Malware Config

Extracted

Family

remcos

C2

217.138.212.58:52667

Targets

    • Target

      m1WOP5oC15Xaepo.exe

    • Size

      784KB

    • MD5

      3441e57f22d51b7bc539595450ee1dd6

    • SHA1

      cd77031b1df0ec4e2d10fe4077674783270d6c4e

    • SHA256

      30552657a06df54de322d5d689ca77d2cacbf8e85136ca915843c9a99e4f26c0

    • SHA512

      b05c84cb74ab5cdd17e8778712febb9c193ff29d38b461463f6000723f90040ad531a6274a660c00798c3cf6c31f1b71b4f9f8166be3620c6f569e19f78c066c

    Score
    10/10
    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks