Overview

overview

10

Static

static

9583a70327...ac.exe

windows7_x64

10

9583a70327...ac.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9583a703274b68a2fb524598b40a87ac.exe

  • Size

    1.8MB

  • Sample

    210505-cn96l3hq5e

  • MD5

    9583a703274b68a2fb524598b40a87ac

  • SHA1

    ffe41851b9820e5bfd7aad7dadcaf8d4822ba5f1

  • SHA256

    ebb89d7d2ba96d368ef3e3f296ba7ff2e591489e7726a0613c89764b7f654390

  • SHA512

    428550ecc7e4e86d761f662972ac6e67af5f02183d6e762e10e686ce316337f97a43cc44cb32ff42c9296f7e382f8a3fedb28687af224593eab7cbadec2135e6

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu:2177

Targets

    • Target

      9583a703274b68a2fb524598b40a87ac.exe

    • Size

      1.8MB

    • MD5

      9583a703274b68a2fb524598b40a87ac

    • SHA1

      ffe41851b9820e5bfd7aad7dadcaf8d4822ba5f1

    • SHA256

      ebb89d7d2ba96d368ef3e3f296ba7ff2e591489e7726a0613c89764b7f654390

    • SHA512

      428550ecc7e4e86d761f662972ac6e67af5f02183d6e762e10e686ce316337f97a43cc44cb32ff42c9296f7e382f8a3fedb28687af224593eab7cbadec2135e6

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks