Overview

overview

10

Static

static

10

MYCHI.exe

windows7_x64

10

MYCHI.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MYCHI.exe

  • Size

    128KB

  • Sample

    210504-x7gd7pblje

  • MD5

    75043c4082c567335c389fdd3a2d43d2

  • SHA1

    162dab26aea594b65a4f4fc11aeb5a2b8a53021b

  • SHA256

    00c6fec43721edc15cca63d3848cfa4173edffa71e601461daaf130eec32eff4

  • SHA512

    919081234316e7f142e908c38d4688154ff81eef94809e24a150b9e92f733a268d91ba78d98199bad7d96e92c4b5256601f70031981283fd3c93e02e9d00f4a9

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

mychi.hopto.org:2405

Targets

    • Target

      MYCHI.exe

    • Size

      128KB

    • MD5

      75043c4082c567335c389fdd3a2d43d2

    • SHA1

      162dab26aea594b65a4f4fc11aeb5a2b8a53021b

    • SHA256

      00c6fec43721edc15cca63d3848cfa4173edffa71e601461daaf130eec32eff4

    • SHA512

      919081234316e7f142e908c38d4688154ff81eef94809e24a150b9e92f733a268d91ba78d98199bad7d96e92c4b5256601f70031981283fd3c93e02e9d00f4a9

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks