General

  • Target

    EU_SANCTION_LETTER-05052021.exe

  • Size

    979KB

  • Sample

    210506-y3y1d1maqa

  • MD5

    3f42de1bd40b5621c7d580d8445bc0a7

  • SHA1

    433bed058c0b2d7cf2374f67b7657388905f415c

  • SHA256

    cb999b03f075385459346622f17dbeec34ee53a158c5e5fd01bad5d8e9461e9d

  • SHA512

    c1bdcccfdaac456f7d07d7787f069324cb14aef487ab20a5e543456f47b7634934b3acb98b7342061c5153b84d93759b8920ee5135d92c6d43fc910dbb809d0e

Score
10/10

Malware Config

Extracted

Family

remcos

C2

www.swqrn.com:16108
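As an added example that is not part of the sandbox report, the following Python turns the indicators the report exposes (the four file digests and the extracted remcos C2 endpoint) into something an analyst can run: it streams a candidate file once through all four hashers and compares against the report's values, and it scans proxy/DNS/firewall log lines for the C2 host, any sibling host on the same apex domain, and the C2 port. The log lines, the user name and the 10.0.0.15 / 203.0.113.9 addresses are constructed for the demonstration; the report does not say what www.swqrn.com resolves to, so a bare `:16108` is reported as low-confidence rather than as a C2 hit.

```python
"""Apply the IOCs from the remcos report above to local artifacts (added example)."""
from __future__ import annotations

import hashlib
import re
import sys

# Hashes and C2 exactly as listed in the report.
IOC_HASHES = {
    "md5": "3f42de1bd40b5621c7d580d8445bc0a7",
    "sha1": "433bed058c0b2d7cf2374f67b7657388905f415c",
    "sha256": "cb999b03f075385459346622f17dbeec34ee53a158c5e5fd01bad5d8e9461e9d",
    "sha512": "c1bdcccfdaac456f7d07d7787f069324cb14aef487ab20a5e543456f47b7634934b3acb98b7342061c5153b84d93759b8920ee5135d92c6d43fc910dbb809d0e",
}
C2_HOST = "www.swqrn.com"
C2_PORT = 16108
C2_APEX = C2_HOST.split(".", 1)[1]  # "swqrn.com": catches sibling hosts on the same domain

# Host token must not be glued into a longer hostname on either side; a trailing "." (FQDN form) is fine.
_HOST_RE = re.compile(r"(?<![\w.-])" + re.escape(C2_HOST) + r"(?![\w-]|\.[\w-])", re.I)
_APEX_RE = re.compile(r"(?<![\w-])(?:[\w-]+\.)*" + re.escape(C2_APEX) + r"(?![\w-]|\.[\w-])", re.I)
_PORT_RE = re.compile(r":%d(?!\d)" % C2_PORT)


def digest_bytes(data: bytes) -> dict[str, str]:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def digest_file(path: str) -> dict[str, str]:
    """Stream a file once through all four hashers (1 MiB chunks)."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: dict[str, str]) -> dict[str, bool]:
    """Per-algorithm comparison; for the same file all four must agree."""
    return {name: digests.get(name, "").lower() == value for name, value in IOC_HASHES.items()}


def scan_log(lines) -> list[tuple[str, str]]:
    """Return (line, reason) for lines touching the C2. The report gives no IP for
    the host, so a line carrying only the port is flagged as low confidence."""
    hits = []
    for line in lines:
        if _HOST_RE.search(line):
            reason = "host+port" if _PORT_RE.search(line) else "host"
        elif _APEX_RE.search(line):
            reason = "apex-domain"
        elif _PORT_RE.search(line):
            reason = "port-only (low confidence)"
        else:
            continue
        hits.append((line, reason))
    return hits


# Constructed log lines for the demonstration; addresses are documentation ranges, not from the report.
SAMPLE_LOG_LINES = [
    "2021-05-06 10:12:01 dns query src=10.0.0.15 name=www.swqrn.com type=A",
    "2021-05-06 10:12:02 proxy CONNECT www.swqrn.com:16108 user=j.doe",
    "2021-05-06 10:12:05 proxy GET https://www.example.com/ user=j.doe",
    "2021-05-06 10:12:09 dns query src=10.0.0.15 name=cdn.swqrn.com type=A",
    "2021-05-06 10:13:40 fw allow src=10.0.0.15 dst=203.0.113.9:16108 proto=tcp",
]

if __name__ == "__main__":
    # usage: python ioc_check.py [file ...]
    for path in sys.argv[1:]:
        result = matches_report(digest_file(path))
        print(path, "MATCHES REPORT" if all(result.values()) else "no match", result)
    for line, reason in scan_log(SAMPLE_LOG_LINES):
        print(f"[{reason}] {line}")
```

Hash matching only catches this exact build; a repacked remcos dropper will miss on all four digests while still beaconing to the same host, which is why the log scan keys on the hostname and apex domain rather than the port alone.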

Targets

    • Target

      EU_SANCTION_LETTER-05052021.exe

    • Remcos

      Remcos is a closed-source remote control and surveillance tool sold commercially and widely abused as a remote access trojan (RAT); the extracted config above gives its C2 host and port.

    • Uses the VBS compiler for execution

      The sample starts the .NET Visual Basic compiler (vbc.exe), a signed Microsoft binary that loaders commonly use as a host process for injected code.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread in another process is the typical process-hollowing / injection step: the loader rewrites the suspended thread's context so it resumes into the injected payload instead of the legitimate image, which is consistent with vbc.exe being launched only to host the Remcos payload.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                       ID      Signatures
  Execution              Scripting                       T1064   1
  Execution              Scheduled Task                  T1053   1
  Persistence            Scheduled Task                  T1053   1
  Privilege Escalation   Scheduled Task                  T1053   1
  Defense Evasion        Scripting                       T1064   1
  Discovery              System Information Discovery    T1082   1

  The IDs are from ATT&CK v6. In later ATT&CK versions T1064 (Scripting) is deprecated and its content folded into T1059 (Command and Scripting Interpreter), and T1053 gained sub-techniques, so map these before comparing against a current matrix.
