Overview

overview

10

Static

static

chungx3234.exe

windows7_x64

10

chungx3234.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    chungx3234.exe

  • Size

    628KB

  • Sample

    210511-5bdx8f31b2

  • MD5

    968927d627b5be1a39972dc04068b2b3

  • SHA1

    f495284e62c4775c2cddee1d14e59ac82d6950a0

  • SHA256

    4ae72c1d1198e6ff1e19bb210c61a10e847e703c1f77be90c76c7438a3de9be9

  • SHA512

    9875396cf806fab51f8a0fea552e69e920a7c693aa3f393dbe4b23ea1742f5a26ff09a37f7dce1279d371ae65e721110f14910a97c71eecf1ccbc079445fe329

Score
10/10
remcosevasionpersistencerattrojan

Malware Config

Extracted

Family

remcos

C2

ytuna7307.duckdns.org:3030

Targets

    • Target

      chungx3234.exe

    • Size

      628KB

    • MD5

      968927d627b5be1a39972dc04068b2b3

    • SHA1

      f495284e62c4775c2cddee1d14e59ac82d6950a0

    • SHA256

      4ae72c1d1198e6ff1e19bb210c61a10e847e703c1f77be90c76c7438a3de9be9

    • SHA512

      9875396cf806fab51f8a0fea552e69e920a7c693aa3f393dbe4b23ea1742f5a26ff09a37f7dce1279d371ae65e721110f14910a97c71eecf1ccbc079445fe329

    Score
    10/10
    remcosevasionpersistencerattrojan

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • UAC bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks