Overview

overview

10

Static

static

m1WOP5oC15Xaepo.exe

windows7_x64

10

m1WOP5oC15Xaepo.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    m1WOP5oC15Xaepo.exe

  • Size

    784KB

  • Sample

    210424-bc7a6ddv2a

  • MD5

    3441e57f22d51b7bc539595450ee1dd6

  • SHA1

    cd77031b1df0ec4e2d10fe4077674783270d6c4e

  • SHA256

    30552657a06df54de322d5d689ca77d2cacbf8e85136ca915843c9a99e4f26c0

  • SHA512

    b05c84cb74ab5cdd17e8778712febb9c193ff29d38b461463f6000723f90040ad531a6274a660c00798c3cf6c31f1b71b4f9f8166be3620c6f569e19f78c066c

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

217.138.212.58:52667

Targets

    • Target

      m1WOP5oC15Xaepo.exe

    • Size

      784KB

    • MD5

      3441e57f22d51b7bc539595450ee1dd6

    • SHA1

      cd77031b1df0ec4e2d10fe4077674783270d6c4e

    • SHA256

      30552657a06df54de322d5d689ca77d2cacbf8e85136ca915843c9a99e4f26c0

    • SHA512

      b05c84cb74ab5cdd17e8778712febb9c193ff29d38b461463f6000723f90040ad531a6274a660c00798c3cf6c31f1b71b4f9f8166be3620c6f569e19f78c066c

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks