General

  • Target

    b2ae69e681c120901c4f5f839125d81b53eabd3f22c0a50547604c15d43a33f3

  • Size

    978KB

  • Sample

    240514-h2tr1aeg6v

  • MD5

    1299c227f71353022f7ed366f9efb219

  • SHA1

    b8437949812bd190d66b656cdf99625243e0740f

  • SHA256

    b2ae69e681c120901c4f5f839125d81b53eabd3f22c0a50547604c15d43a33f3

  • SHA512

    0e5276521830eab912247cead3adb5465cd2ad9fdb784999f189c8c854c541f6a671a3bfdce7880fd6c7b4e232c22cb57cfb288a3c71957ee858f1c354c5e26d

  • SSDEEP

    24576:fpBWNjpkskxRDqaCgqxR+0B1ONqvtad0uFb0LbsC1H+imSe9:RBWNjpkskxRDqaCgqX+0B1ONqvtY0uqW

Score
10/10

Malware Config

Targets

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks