Overview

overview

10

Static

static

SecuriteIn...71.exe

windows7_x64

10

SecuriteIn...71.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.PackedNET.726.12479.23271

  • Size

    1.7MB

  • Sample

    210511-hk7vf1c2zx

  • MD5

    623b957f20ce6053878bcc86fc8b073e

  • SHA1

    2f93c1e73f9a5470903663ecf1212789f95c8227

  • SHA256

    1b8733a553b25ca6338c13d25d938778f515f4c87229f3b632077c450c36ea98

  • SHA512

    14fa9df4a41795adcd32972e7319aadd1c85c8d913a6c35c4820b3332b748897fb523e59ce278fe30e334d56cd420e9f19b53976c443be0a87c966cc1374b6a5

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

ghdyuienah123.freedynamicdns.org:2006

Targets

    • Target

      SecuriteInfo.com.Trojan.PackedNET.726.12479.23271

    • Size

      1.7MB

    • MD5

      623b957f20ce6053878bcc86fc8b073e

    • SHA1

      2f93c1e73f9a5470903663ecf1212789f95c8227

    • SHA256

      1b8733a553b25ca6338c13d25d938778f515f4c87229f3b632077c450c36ea98

    • SHA512

      14fa9df4a41795adcd32972e7319aadd1c85c8d913a6c35c4820b3332b748897fb523e59ce278fe30e334d56cd420e9f19b53976c443be0a87c966cc1374b6a5

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks