Overview

overview

10

Static

static

Appraisal.vbs

windows7_x64

10

Appraisal.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Appraisal.vbs

  • Size

    713B

  • Sample

    210425-3zc1qeze8j

  • MD5

    374872083b769268ef5be044031e72cf

  • SHA1

    ccb15dd8642387523121e8c67bb8fa41b2b2f966

  • SHA256

    5f06da67169389577ec237bfb0c3e0e9203833048f48081deed7b6201ad18c27

  • SHA512

    5b97e908e39d61decb10a0b2bdf9d94043d899b86052fcedd598d87a7a610d977b526c5176c91b7bdecacb1a1eb3f39ce3bab9547c253e2b4e17c837dc50de58

Score
10/10
remcosrat

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://ia601403.us.archive.org/17/items/all_20210425_202104/ALL.TXT

Extracted

Family

remcos

C2

185.19.85.168:1723

Targets

    • Target

      Appraisal.vbs

    • Size

      713B

    • MD5

      374872083b769268ef5be044031e72cf

    • SHA1

      ccb15dd8642387523121e8c67bb8fa41b2b2f966

    • SHA256

      5f06da67169389577ec237bfb0c3e0e9203833048f48081deed7b6201ad18c27

    • SHA512

      5b97e908e39d61decb10a0b2bdf9d94043d899b86052fcedd598d87a7a610d977b526c5176c91b7bdecacb1a1eb3f39ce3bab9547c253e2b4e17c837dc50de58

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks