Overview

overview

10

Static

static

No. 024OPS...021.js

windows7_x64

10

No. 024OPS...021.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    No. 024OPSCON-INVIII2021.js

  • Size

    242KB

  • Sample

    210430-dk95raj2ls

  • MD5

    fc4340a7585070731daaf1f696a0f436

  • SHA1

    8ad08a853156911c793861a4ac9f6d3636ced06f

  • SHA256

    699ea201d2965d9515e01f981ab4006fd383ab17fd2f6996cc937f974dce39b2

  • SHA512

    e2ffb8cfb65a0ff4c0418069490a4ee0dbddb8ac585fc1f340bd4ba61ba17b9b8b53ea0693381801953391326846e52f3d287b5d1bc66fbd1a56921b6cb412e4

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

umuchu.hopto.org:2405

Targets

    • Target

      No. 024OPSCON-INVIII2021.js

    • Size

      242KB

    • MD5

      fc4340a7585070731daaf1f696a0f436

    • SHA1

      8ad08a853156911c793861a4ac9f6d3636ced06f

    • SHA256

      699ea201d2965d9515e01f981ab4006fd383ab17fd2f6996cc937f974dce39b2

    • SHA512

      e2ffb8cfb65a0ff4c0418069490a4ee0dbddb8ac585fc1f340bd4ba61ba17b9b8b53ea0693381801953391326846e52f3d287b5d1bc66fbd1a56921b6cb412e4

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks