General

  • Target

    EXTRACTO_SERFINANZA_694237605670237898130_880400300571994975454_677658493671733776943344733_49888556350297126565426875_p

  • Size

    184KB

  • Sample

    210426-tvdxtf6cna

  • MD5

    4f9650b7df074e8bde07401b1ba53d29

  • SHA1

    41e963c3f35af703e50e07e1dbecd47c86ccb7de

  • SHA256

    714f5babb7ff43c5c7d994ee24ffca6be9508b86998ba18c719bcb3f9596f358

  • SHA512

    b3554305a41e2520e9cb764dc61d8abb9552fa3b1e821c01208360f28afa6f7f50b3ce721975ec6a6bf78829af4783280d6939c87f6d51fb88d0ad6b88fd5312

Score
10/10

Malware Config

Extracted

Family

remcos

C2

databasepropersonombrecomercialideasearchwords.services:3521

Targets

    • Remcos

      Remcos is closed-source remote control and surveillance software; it is sold commercially but widely abused as a remote access trojan (RAT).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application (persistence via a CurrentVersion\Run autostart entry)

    • Suspicious use of SetThreadContext (an API used to redirect a suspended thread into injected code, as in process hollowing)
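The following is an added hunting example, not part of the sandbox report: it takes the indicators listed above (the extracted C2 host and port, the file hashes, and the Run-key persistence behaviour) and checks them against DNS, connection and registry telemetry. The log formats, IP addresses, timestamps and registry paths below are constructed for the example and are not observations from the report.

```python
import hashlib
import re

# --- Indicators copied from the report above --------------------------------
C2_HOST = "databasepropersonombrecomercialideasearchwords.services"
C2_PORT = 3521
REPORT_HASHES = {
    "md5": "4f9650b7df074e8bde07401b1ba53d29",
    "sha1": "41e963c3f35af703e50e07e1dbecd47c86ccb7de",
    "sha256": "714f5babb7ff43c5c7d994ee24ffca6be9508b86998ba18c719bcb3f9596f358",
}
# The "Adds Run key" signature refers to value writes under
# ...\Microsoft\Windows\CurrentVersion\Run or RunOnce (HKCU or HKLM).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)

# --- Constructed sample telemetry (assumed formats, not from the report) ----
# DNS log line: "<timestamp> <client_ip> <queried_name>"
DNS_LOG = [
    "2021-04-26T13:02:11Z 10.0.0.15 www.example.com",
    "2021-04-26T13:02:19Z 10.0.0.15 databasepropersonombrecomercialideasearchwords.services",
    "2021-04-26T13:05:40Z 10.0.0.22 cdn.example.net",
]
# Connection log line: "<timestamp> <src_ip> <dst_ip>:<dst_port>"
CONN_LOG = [
    "2021-04-26T13:02:20Z 10.0.0.15 203.0.113.9:3521",
    "2021-04-26T13:03:01Z 10.0.0.22 198.51.100.4:443",
    "2021-04-26T13:04:45Z 10.0.0.31 203.0.113.77:3521",
]
# Registry value-set events (Sysmon Event ID 13 style): (image, target_object)
REG_EVENTS = [
    (r"C:\Users\user\AppData\Roaming\svc.exe",
     r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    (r"C:\Program Files\Vendor\setup.exe",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor"),
]


def fingerprint(data: bytes) -> dict:
    """Hash file bytes the three ways the report lists, for comparison."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(hashes: dict) -> bool:
    """Match on SHA-256 only; MD5 alone is collision-prone and not worth trusting."""
    return hashes.get("sha256") == REPORT_HASHES["sha256"]


def hunt_dns(lines):
    """Flag lookups of the C2 name or any subdomain of it."""
    hits = []
    for line in lines:
        ts, client, qname = line.split()
        q = qname.lower().rstrip(".")
        if q == C2_HOST or q.endswith("." + C2_HOST):
            hits.append((ts, client, q))
    return hits


def hunt_connections(lines, c2_ips=frozenset()):
    """Flag outbound connections to the C2 port.

    The report gives only a hostname, so a port-only match is weak: 3521 is not
    a well-known service port, but it is not unique to Remcos either. Pass the
    IPs the name resolved to in c2_ips to upgrade a hit to 'strong'."""
    hits = []
    for line in lines:
        ts, src, dst = line.split()
        ip, port = dst.rsplit(":", 1)
        if int(port) != C2_PORT:
            continue
        hits.append((ts, src, ip, "strong" if ip in c2_ips else "weak"))
    return hits


def hunt_run_keys(events):
    """Flag Run/RunOnce value writes, the behaviour behind the 'Adds Run key' signature."""
    return [(image, key) for image, key in events if RUN_KEY_RE.search(key)]


def correlate(dns_hits, conn_hits):
    """Hosts that resolved the C2 name and then talked to the C2 port form the
    high-confidence set; a port-only connection match by itself does not."""
    resolvers = {client for _, client, _ in dns_hits}
    return sorted({src for _, src, _, _ in conn_hits if src in resolvers})


def run_hunt(dns=DNS_LOG, conns=CONN_LOG, regs=REG_EVENTS, c2_ips=frozenset()):
    dns_hits = hunt_dns(dns)
    conn_hits = hunt_connections(conns, c2_ips)
    return {
        "dns": dns_hits,
        "connections": conn_hits,
        "run_keys": hunt_run_keys(regs),
        "confirmed_hosts": correlate(dns_hits, conn_hits),
    }


if __name__ == "__main__":
    for key, value in run_hunt().items():
        print(key, value)
```

On the constructed data the hunt confirms 10.0.0.15 (it resolved the C2 name and then connected on 3521) and leaves 10.0.0.31 as a weak port-only hit; resolve the C2 name yourself at hunt time and pass the result as `c2_ips` rather than hard-coding an address, since the report records the hostname, not the IP it resolved to.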
