Analysis

  • max time kernel
    147s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-12-2023 06:12

General

  • Target

    58dc1cfd317058134777f77f86f62592.exe

  • Size

    456KB

  • MD5

    58dc1cfd317058134777f77f86f62592

  • SHA1

    22f19ee32e81d180be5c4e824d359456df811293

  • SHA256

    12a0e61c40e9664cd768c55b50d204e038067e9dfa34c04d0170426565eb2d2c

  • SHA512

    0d6984b84336c189eb590ae870b5a50ca81f3d90a7fe97ffdbfab9569b841711475054d6c1ea6e592ad9ae45e14ff70efcfd7c10effb865843a5e79b9a4be0c2

  • SSDEEP

    6144:cc53ezqVrhiBZ84M/k22nZcrTEfCNV0cjd2shWR5dhTAOZZ8jXCSrcDCu:n53ez1HzMc2k0EKNV5dlE//Z8eStu

Score
10/10

Malware Config

Signatures

  • Remcos

    Remcos is closed-source remote-control and surveillance software.

  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\58dc1cfd317058134777f77f86f62592.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\58dc1cfd317058134777f77f86f62592.exe"
    PID: 2936
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Roaming\remcos\logs.dat
    Filesize

    148B

    MD5

    024dcaa73bd8973f82da896382ea251e

    SHA1

    ae4c1dd7d42e8d890d2a2dd380c452a5f1c47a7a

    SHA256

    e6c608212ba5f5ac80e7060a7f962ce52149eba051bf384f0178ed002f1319ea

    SHA512

    94641161cf17715468de12df9b5cbdc581596f76cefbacedeae430cbdad29ade22ff8b8e45a0d297e3aaed5d6b20c86cdb99624c036621b50b1cbe5d80c0678e