Overview

overview

10

Static

static

DOCUMENTAC...df.exe

windows7_x64

10

DOCUMENTAC...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DOCUMENTACION_PROCESO_DE_COBRO_FORMAL_INICIADO_POR_SALDOS_EN_MORA_IMPUESTOS_TERRITORIALESpdf.exe

  • Size

    415KB

  • Sample

    210426-wj1nx61p4n

  • MD5

    9410edb3f57915bbc892e500d79b8a97

  • SHA1

    038c25de7dcf774d06cfdfaf3ce12197e2c76e15

  • SHA256

    c52300fe42f736d2a9f3dbdb038163b3f59a3433270d24d1644e75e312a14758

  • SHA512

    daf9cbdc276c78534d420c76c7caa126cabf83d437425cccea2130f8e431b6a2339cfce03487b0512ac621850a829303f4732287e2faa361b9a278ed6f4a0d6f

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

dominoduck2103.duckdns.org:9792

Targets

    • Target

      DOCUMENTACION_PROCESO_DE_COBRO_FORMAL_INICIADO_POR_SALDOS_EN_MORA_IMPUESTOS_TERRITORIALESpdf.exe

    • Size

      415KB

    • MD5

      9410edb3f57915bbc892e500d79b8a97

    • SHA1

      038c25de7dcf774d06cfdfaf3ce12197e2c76e15

    • SHA256

      c52300fe42f736d2a9f3dbdb038163b3f59a3433270d24d1644e75e312a14758

    • SHA512

      daf9cbdc276c78534d420c76c7caa126cabf83d437425cccea2130f8e431b6a2339cfce03487b0512ac621850a829303f4732287e2faa361b9a278ed6f4a0d6f

    Score
    10/10
    remcospersistencerat

    • Modifies WinLogon for persistence

      persistence

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks