General

  • Target: Swift-Correction.exe
  • Size: 702KB
  • Sample: 210507-nqnsrnvhfx
  • MD5: a9d4da3791d728d32e7b4bfc823744b9
  • SHA1: 82fda97279a81db1010e3df2ae6cbf69eae1f956
  • SHA256: 4fa4ab75bd8f5439907cadec8c16b8e006045e73bc45adbbd5ab368b20cf2c5f
  • SHA512: e150f215640ecc00a0b1d5ade277d89c1b4aefde8cb8585b6a40db0f54a042bed572c4d80e1c208610c3843747f4a301362c85ecb990748f967d709bffef97a0

Score: 10/10

Malware Config

Extracted

  • Family: remcos
  • C2: 79.134.225.19:2555

Targets

    • Remcos: Remcos is closed-source remote-control and surveillance software.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder (T1060): 1
  • Defense Evasion: Modify Registry (T1112): 1
