Overview

overview

10

Static

static

TNT Recei...df.exe

windows7_x64

10

TNT Recei...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TNT Receipt_AWB no#87993766478,pdf.exe

  • Size

    715KB

  • Sample

    211029-fs459shcgk

  • MD5

    27a9e4f59f0735c1cd5b6fec688fe6f4

  • SHA1

    86de7e9b35afb3726a925b1a1b7bd00c81c2f6a9

  • SHA256

    64e7a4dbad57f1c217a17ad6214d29230ac8ba813d001fdaa35f17fd83f62cf3

  • SHA512

    1bfc5666172ce59267c58d70347060f5b696dc7414bd1b7efc20f8a544da7c671e9943c3e364ddebdbd734e0de14743f5c5244691d7306973486596376bf75e1

Score
10/10
remcosratsuricata

Malware Config

Targets

    • Target

      TNT Receipt_AWB no#87993766478,pdf.exe

    • Size

      715KB

    • MD5

      27a9e4f59f0735c1cd5b6fec688fe6f4

    • SHA1

      86de7e9b35afb3726a925b1a1b7bd00c81c2f6a9

    • SHA256

      64e7a4dbad57f1c217a17ad6214d29230ac8ba813d001fdaa35f17fd83f62cf3

    • SHA512

      1bfc5666172ce59267c58d70347060f5b696dc7414bd1b7efc20f8a544da7c671e9943c3e364ddebdbd734e0de14743f5c5244691d7306973486596376bf75e1

    Score
    10/10
    remcosratsuricata

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • suricata: ET MALWARE Remocs 3.x Unencrypted Checkin

      suricata: ET MALWARE Remocs 3.x Unencrypted Checkin

      suricata

    • suricata: ET MALWARE Remocs 3.x Unencrypted Server Response

      suricata: ET MALWARE Remocs 3.x Unencrypted Server Response

      suricata

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks