General

  • Target

    94280a43_by_Libranalysis

  • Size

    957KB

  • Sample

    210511-fgxj67751e

  • MD5

    94280a43fd855f2a592d30c6e1d4253b

  • SHA1

    8a57b7856a398066d7d830072f88b6f7fa4e96fa

  • SHA256

    f4dcc52b899bbe0d34ffbb44032c0186953c174beaf647c0556c7e71385c6bb4

  • SHA512

    8e5e064f9ae4d4c7826870a6e4c36a8d12b4b260fefcfc235e88101feb0bcafcf815d98fc298dc1e34985b754f42f7b446ec88e2b4dfe389d7ba6aec684a8361

Score
10/10

Malware Config

Extracted

Family

remcos

C2

luckymanoffavour.ddns.net:5405

Targets

    • Target

      94280a43_by_Libranalysis

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112
