General

  • Target

    c000c20f354b21e121f89647fcc8ce60N.exe

  • Size

    124KB

  • Sample

    240723-qpxl5ascrp

  • MD5

    c000c20f354b21e121f89647fcc8ce60

  • SHA1

    e10422339e88143cd8187562fc2cf344d6ad5e4d

  • SHA256

    710c780494b8c14c5f9167014ea8d75638d506c5dd674c5ce9aa95a3b991e001

  • SHA512

    ca90781ebebe9f95468a0abcb40dc64ec38312c8154f53f67b83a2bd588076436f0e32fc1e3156234e0ad29b8a92e512997cd28dc9686a23a5088a7c4ed29772

  • SSDEEP

    3072:n02ia5PvMCqf+5c4NMl+XAplorLRfDpVY+zMMbG7L:n02iaJMRmmyu+wplorLRfDpK+zMMb8

Score
10/10

Targets

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
