Overview

overview

10

Static

static

DOCADJDELP...05.exe

windows7_x64

10

DOCADJDELP...05.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DOCADJDELPROCEFRAUFISC346340003 DOCADJDELPROCEFRAUFISC346340005.exe

  • Size

    1003KB

  • Sample

    210427-xdhvxc6jvn

  • MD5

    73fe7532d75c146f45f2d09ad844d573

  • SHA1

    b982e7b808b140625cc1af5b5d093f03b0b44ce3

  • SHA256

    08f234ec292a6a493c9c3e21cf1a08a91899bc929de74ed1a833a42da0891bb9

  • SHA512

    b930b35292abba797900234f4e5a0a9b1f340e072a9af646fc2dce876fd5757b2bba6fca218e2fe5c7487757880ccfe71a1d624067903ebe833334811cb0dd34

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

yuyitosjs.duckdns.org:1717

Targets

    • Target

      DOCADJDELPROCEFRAUFISC346340003 DOCADJDELPROCEFRAUFISC346340005.exe

    • Size

      1003KB

    • MD5

      73fe7532d75c146f45f2d09ad844d573

    • SHA1

      b982e7b808b140625cc1af5b5d093f03b0b44ce3

    • SHA256

      08f234ec292a6a493c9c3e21cf1a08a91899bc929de74ed1a833a42da0891bb9

    • SHA512

      b930b35292abba797900234f4e5a0a9b1f340e072a9af646fc2dce876fd5757b2bba6fca218e2fe5c7487757880ccfe71a1d624067903ebe833334811cb0dd34

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks