General

  • Target

    c8dda172a1b70d273679c40e8a0b0e89.exe

  • Size

    737KB

  • Sample

    210426-lbmmgktx2j

  • MD5

    c8dda172a1b70d273679c40e8a0b0e89

  • SHA1

    1bcb05fb57bee5a92d4ba567ff1fea3e866ac281

  • SHA256

    520457786da0e88af9df6022e8e87642d0cc6c3b1aaf34082b929a0b3aed6074

  • SHA512

    f5bfea07e1f2b183459e1001be9137902b01c48d2d091c992a3a6b5d58a3f9eb594a227ff217ae5ade8812895c9e0662f0b2269af09ba5a6fa2ad2cec3c05038

Score
10/10

Malware Config

Extracted

Family

remcos

C2

sandshoe.myfirewall.org:2415

Targets

    • Target

      c8dda172a1b70d273679c40e8a0b0e89.exe

    • Size

      737KB

    • MD5

      c8dda172a1b70d273679c40e8a0b0e89

    • SHA1

      1bcb05fb57bee5a92d4ba567ff1fea3e866ac281

    • SHA256

      520457786da0e88af9df6022e8e87642d0cc6c3b1aaf34082b929a0b3aed6074

    • SHA512

      f5bfea07e1f2b183459e1001be9137902b01c48d2d091c992a3a6b5d58a3f9eb594a227ff217ae5ade8812895c9e0662f0b2269af09ba5a6fa2ad2cec3c05038

    Score
    10/10
    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks