Overview

overview

10

Static

static

1359d2ae_b...is.exe

windows7_x64

10

1359d2ae_b...is.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1359d2ae_by_Libranalysis

  • Size

    810KB

  • Sample

    210503-de9w53gcqj

  • MD5

    1359d2ae48d4c27cdbf10dd8f9f8eafd

  • SHA1

    f3210105b446141cf30605e1b32bca94a70a09c3

  • SHA256

    8f79f808363d9757feb37812ef97945640793e6d3ac29078f0ea08475dd40a22

  • SHA512

    52de4f7a7f0fd00edd3b6be3fa211cae82578d4a7b30c078ce9faa9d3cd1d7de9cab5f4eb0816bf4898dbc49a6d975314d72c3c3606e5cda97e76d971703224b

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

angelista23.duckdns.org:1717

Targets

    • Target

      1359d2ae_by_Libranalysis

    • Size

      810KB

    • MD5

      1359d2ae48d4c27cdbf10dd8f9f8eafd

    • SHA1

      f3210105b446141cf30605e1b32bca94a70a09c3

    • SHA256

      8f79f808363d9757feb37812ef97945640793e6d3ac29078f0ea08475dd40a22

    • SHA512

      52de4f7a7f0fd00edd3b6be3fa211cae82578d4a7b30c078ce9faa9d3cd1d7de9cab5f4eb0816bf4898dbc49a6d975314d72c3c3606e5cda97e76d971703224b

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks