General

  • Target

    Factura Serfinanza089768553548090985869814228.exe

  • Size

    183KB

  • Sample

    210426-2fx7866gh2

  • MD5

    c1b9c27c13f700813890b186b09bf55a

  • SHA1

    a816f0a3df54453fd3dec7e91cc17d0eeb74ee81

  • SHA256

    e4087f56d9f1aae9eb98d19654465241c4b1c52bac4d7e4c5cbea11cb3244905

  • SHA512

    5f03a562eccc1dce9a881c8637a3e4c56e9daeb1869392fa7b4134ec8000800962cc44cd0ef91dd03ff46053db08d767460c9008bb4dfdecc230bb4cd22737d2

Score
10/10

Malware Config

Extracted

Family

remcos

C2

databasepropersonombrecomercialideasearchwords.services:3521

Targets

    • Target

      Factura Serfinanza089768553548090985869814228.exe

    • Size

      183KB

    • MD5

      c1b9c27c13f700813890b186b09bf55a

    • SHA1

      a816f0a3df54453fd3dec7e91cc17d0eeb74ee81

    • SHA256

      e4087f56d9f1aae9eb98d19654465241c4b1c52bac4d7e4c5cbea11cb3244905

    • SHA512

      5f03a562eccc1dce9a881c8637a3e4c56e9daeb1869392fa7b4134ec8000800962cc44cd0ef91dd03ff46053db08d767460c9008bb4dfdecc230bb4cd22737d2

    Score
    10/10
    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks