Overview

overview

10

Static

static

Appraisal....y..vbs

windows7_x64

10

Appraisal....y..vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Appraisal.property..vbs

  • Size

    704B

  • Sample

    210429-g93kpmbq7a

  • MD5

    7058bdc13d0094b435eaa07b09e76297

  • SHA1

    f9084f4c4f1756fd531007a8fd7a344207a4cd13

  • SHA256

    a465bb35f4e7bafb2fea17156c39daee286e49c3f10463ecb8d29766e2d0b200

  • SHA512

    1b0bfd576cfae09c9d997ea8a93fa07e9b353cd68076d6665d21a6b46940126593d3eeb78331375a64a94e0b332581e1a4207e9217b5bf142c1798ddf7a12ed7

Score
10/10
remcosrat

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://ia601403.us.archive.org/35/items/all_20210429/ALL.TXT

Extracted

Family

remcos

C2

185.19.85.168:1723

Targets

    • Target

      Appraisal.property..vbs

    • Size

      704B

    • MD5

      7058bdc13d0094b435eaa07b09e76297

    • SHA1

      f9084f4c4f1756fd531007a8fd7a344207a4cd13

    • SHA256

      a465bb35f4e7bafb2fea17156c39daee286e49c3f10463ecb8d29766e2d0b200

    • SHA512

      1b0bfd576cfae09c9d997ea8a93fa07e9b353cd68076d6665d21a6b46940126593d3eeb78331375a64a94e0b332581e1a4207e9217b5bf142c1798ddf7a12ed7

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks