Overview

overview

10

Static

static

Waybill Do...56.exe

windows7_x64

10

Waybill Do...56.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Waybill Document 22700456.exe

  • Size

    947KB

  • Sample

    210511-tekfsea1ha

  • MD5

    9b2fb0104dbec8aeb75bc432cf538a76

  • SHA1

    69418022293ebd9900584fff7c510e3f39be9a2b

  • SHA256

    7863e8d94d7f595345e13ed45b8600c86d3a8bea389ca25950dfae8a9d94195a

  • SHA512

    0af45a6eafd924b375808882c56b1d00a137776c89ad42d5b83afc4695ae30d73163673033d230d11e2e86dc36fdcb969f6ea2113451e25f97cc8c943b92ae42

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

poiarmex247.ddns.net:8634

Targets

    • Target

      Waybill Document 22700456.exe

    • Size

      947KB

    • MD5

      9b2fb0104dbec8aeb75bc432cf538a76

    • SHA1

      69418022293ebd9900584fff7c510e3f39be9a2b

    • SHA256

      7863e8d94d7f595345e13ed45b8600c86d3a8bea389ca25950dfae8a9d94195a

    • SHA512

      0af45a6eafd924b375808882c56b1d00a137776c89ad42d5b83afc4695ae30d73163673033d230d11e2e86dc36fdcb969f6ea2113451e25f97cc8c943b92ae42

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks