Overview

overview

10

Static

static

PO#BTX18000211.exe

windows7_x64

1

PO#BTX18000211.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO#BTX18000211.7z

  • Size

    395KB

  • Sample

    211029-kld3qahgal

  • MD5

    a2c487386864ff13a813df5d8850d9ac

  • SHA1

    e47c94bbe947c7c746b69ad17e31b98ef7bb0c1a

  • SHA256

    46d6f81151b7e6ca9c8d50b57efd424b6cf4256d44f320f15e6d5fe52b206db4

  • SHA512

    6c97e32c233bad0ad0e6c244b3f8ef905142a5a2bf7c25f9a0fe8bfdd2ff4bd444aa2776a7d94990d464e6d5ee41efafedf4e6f76606cc6ce21d62b57d19e3c3

Score
10/10
remcospersistenceratsuricata

Malware Config

Targets

    • Target

      PO#BTX18000211.exe

    • Size

      1005KB

    • MD5

      eb7a5438f88f49074ea39ae1403ada1d

    • SHA1

      eb0d35a80550db99c1adc40c1ceae3f015a683ed

    • SHA256

      082baf651937a61c656a7166f6e672341808068663c21bd4111feccf71b78983

    • SHA512

      c7c529c2056270556e2e0419cebfd3f721ac065fbcb12c965b936aad9cf51da85c0ac5d2e83bc1a5b8542f19199ddc24bbc4883447c1d5d5a71c7ecb9016e2ad

    Score
    10/10
    remcospersistenceratsuricata

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • suricata: ET MALWARE Remocs 3.x Unencrypted Checkin

      suricata: ET MALWARE Remocs 3.x Unencrypted Checkin

      suricata

    • suricata: ET MALWARE Remocs 3.x Unencrypted Server Response

      suricata: ET MALWARE Remocs 3.x Unencrypted Server Response

      suricata

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks