General

  • Target: REMCOS v1.7 Professional.zip
  • Size: 12.0MB
  • Sample: 230330-bmqy8scb4w
  • MD5: dd5e7c7970a12f5ac80eba466cc27b94
  • SHA1: 1291af876790c7413f5b81d908b3bda0ea308c01
  • SHA256: e88ada222ffa511c3940eedddcb1d282654d0d574858638213bddbd4178a56b9
  • SHA512: a3d16bb21c82121cb247db54d011057d0ef0f74da8756571f94857ea6d438742b5f84eead991d5c9151213716a0a72ec4ae41f1d7c0450609c60b365d2c5185c
  • SSDEEP: 196608:rwqVH+vqgI4MlPCzZzvixV9iQavc4/qH8SLsVFIfw1EV10c5IyyHt2e3Y3Ps327H:MqVQqjPPCzB6D9iQa022hsVGllGZqP9H

Score
7/10

Targets

    • Target: REMCOS v1.7 Professional/REMCOSAuthHooks.dll
    • Size: 1.2MB
    • MD5: a329f92ad3b9311af3130dbde81155ce
    • SHA1: 36f3ae74eb18049e37868f1e42b7e66a294d9494
    • SHA256: d695a2ee6fcae64f4d8c4387a0a4c4aae05d08ce44a52598984673b890d02f27
    • SHA512: a82f51c112c610e90252d41d108f178e1f8fb6ee98f391e354d871966e9a61637b063fdb1e5934f1af70f055effebc4325151aa256137c63a40b70affd850438
    • SSDEEP: 24576:flQQir0ed67LRTivbofUW5Y3wF7h6zFRdXjUa4Sq/KQodJagup+t:flJi4ed6ROvbwUQ+RdTUxS1Cwt

    Score
    3/10

    • Target: REMCOS v1.7 Professional/Remcos Loader.exe
    • Size: 1.8MB
    • MD5: 75792b5b38edd028d13eef62c0d828e6
    • SHA1: 9a84ec696d0bd14d1ceb16fd68d48bab9a42351e
    • SHA256: b7f82678830c34db745a16d5551386f15ff28fda563f10c6903f6471a58e243e
    • SHA512: 2665982e2e7ccf1d86d523aafa66aa9c48e4c17377f59bcd77472bc9cde2bcb9b85fccd54eff79aeae33ef9683bc05d0fb2d9e2f01759bd3e51c8875ebef4c21
    • SSDEEP: 49152:XX2xsTyR0C70GPdjE1Z0e1HVNt7iXdll6dXqAV4a:2xse408HVNh+lQXqO

    Score
    7/10

    • VMProtect packed file: detects executables packed with the VMProtect commercial packer.
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: REMCOS v1.7 Professional/remcos.exe
    • Size: 9.9MB
    • MD5: ed1e424ea6f625968a334377e8ac629f
    • SHA1: ad00cc58a59a3d5b78d6603a1d09378e5dbd1647
    • SHA256: 1e5375b400f68c422804703390489b2cf3968c2a8bccb0b5b3c55fe1d2e3c991
    • SHA512: 5119b6ac8c1becda5b59a4802fc96828d338ba2d2767e5521bc226bf04b6637c1925b0cc1b0cf560540b1399730f695c55de23665e59d0683eb07d32939b8094
    • SSDEEP: 196608:PDrZiT5gAQXBIiOMaws3cH12+zvuyEvCr4O/G7ma96vtBOn/L6+:bAT5gbIKMs1rzvHrf/U3KkDL

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger
