Overview

overview

10

Static

static

REF-ORDER ...740.js

windows7_x64

10

REF-ORDER ...740.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0df6289b_by_Libranalysis

  • Size

    93KB

  • Sample

    210504-znqg6cq526

  • MD5

    0df6289bbf5c4d17a784ad31cdf4c8f5

  • SHA1

    90d210c5fc445eeff1256df98f24e583944b2644

  • SHA256

    29eacda0c6ea2660180e38df7d5f6594af73cbcf4d421d4bdd9cde1ab9275091

  • SHA512

    95a604b5ed017651bf5aa2f159438990ab5db59735518f8bcfd16265573eec376058de3ae27365588d8b367ac696c7427740160d140db1bd34816e671deff2e4

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

mychi.hopto.org:2405

Targets

    • Target

      REF-ORDER NO PO# 65081740.js

    • Size

      244KB

    • MD5

      67dfd969d7a1a46c7dc0969d578bdf9a

    • SHA1

      a9a937dc10523a4b93479792c30b129613bef14d

    • SHA256

      ca9e2767da4a730385ef65837def72585ec12aa2dbadc9611bbf3bcda6a85155

    • SHA512

      4d3143e7871d65a76fcf4cae0cc143df9283d3e0fb4fe9e0b3a41149037da0e3e67568e98711f921527236478436ad750d1c3c37a67d2c95e27ed3a58bb2ec1b

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks