General

  • Target

    082e8b6b74753482bca3797cb17c79e93f7f4fac591bd9a20239235b3595473a

  • Size

    2.9MB

  • Sample

    210509-zqnqzh3rbn

  • MD5

    c7022a3694ea7867e1b3d92f3e9a9b28

  • SHA1

    ecf16ede30e2923a6d68579a5c603c4b43de0b13

  • SHA256

    082e8b6b74753482bca3797cb17c79e93f7f4fac591bd9a20239235b3595473a

  • SHA512

    0d9f178cc9e85bf66906ca1a1f458c2388897c549fc0ccf436025164964f087eff69c7767783b8c9c32b540a75c67f144c74cc5a481eada204d740815b073c61

Malware Config

Extracted

Family

remcos

C2

daya4659.ddns.net:8282

Targets

    • Target

      082e8b6b74753482bca3797cb17c79e93f7f4fac591bd9a20239235b3595473a

    • Size

      2.9MB

    • MD5

      c7022a3694ea7867e1b3d92f3e9a9b28

    • SHA1

      ecf16ede30e2923a6d68579a5c603c4b43de0b13

    • SHA256

      082e8b6b74753482bca3797cb17c79e93f7f4fac591bd9a20239235b3595473a

    • SHA512

      0d9f178cc9e85bf66906ca1a1f458c2388897c549fc0ccf436025164964f087eff69c7767783b8c9c32b540a75c67f144c74cc5a481eada204d740815b073c61

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks