General

  • Target

    Statement of Account April-2021.exe

  • Size

    1.4MB

  • Sample

    210507-nn6hg6lvk2

  • MD5

    384e5af70000fb658251d79ddf8e8878

  • SHA1

    a2bafce0284f457eafd3dcbed73adeb84ed762df

  • SHA256

    98e5d25243d03b80cc83c955796c42b39f308f55102a9ec01d0f308e06b4cfa9

  • SHA512

    28ebd09467fa0781dc3c8a33ea24cb642ecfbcd56fd859c74590773147a45861752446501afc83e441d90507509de4b2b707a5e9b96531ae3a0358ed1ec76e9a

Score
10/10

Malware Config

Extracted

Family

remcos

C2

45.137.22.107:5888

Targets

    • Target

      Statement of Account April-2021.exe

    • Size

      1.4MB

    • MD5

      384e5af70000fb658251d79ddf8e8878

    • SHA1

      a2bafce0284f457eafd3dcbed73adeb84ed762df

    • SHA256

      98e5d25243d03b80cc83c955796c42b39f308f55102a9ec01d0f308e06b4cfa9

    • SHA512

      28ebd09467fa0781dc3c8a33ea24cb642ecfbcd56fd859c74590773147a45861752446501afc83e441d90507509de4b2b707a5e9b96531ae3a0358ed1ec76e9a

    Score
    10/10
    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks