Overview

overview

10

Static

static

REF-ORDER ...740.js

windows7_x64

10

REF-ORDER ...740.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    REF-ORDER NO PO# 65081740.js

  • Size

    244KB

  • Sample

    210503-benxv77p8x

  • MD5

    67dfd969d7a1a46c7dc0969d578bdf9a

  • SHA1

    a9a937dc10523a4b93479792c30b129613bef14d

  • SHA256

    ca9e2767da4a730385ef65837def72585ec12aa2dbadc9611bbf3bcda6a85155

  • SHA512

    4d3143e7871d65a76fcf4cae0cc143df9283d3e0fb4fe9e0b3a41149037da0e3e67568e98711f921527236478436ad750d1c3c37a67d2c95e27ed3a58bb2ec1b

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

mychi.hopto.org:2405

Targets

    • Target

      REF-ORDER NO PO# 65081740.js

    • Size

      244KB

    • MD5

      67dfd969d7a1a46c7dc0969d578bdf9a

    • SHA1

      a9a937dc10523a4b93479792c30b129613bef14d

    • SHA256

      ca9e2767da4a730385ef65837def72585ec12aa2dbadc9611bbf3bcda6a85155

    • SHA512

      4d3143e7871d65a76fcf4cae0cc143df9283d3e0fb4fe9e0b3a41149037da0e3e67568e98711f921527236478436ad750d1c3c37a67d2c95e27ed3a58bb2ec1b

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks