General

  • Target

    b3e57d0381df8c35a19014a09b7980d0N.exe

  • Size

    2.0MB

  • Sample

    240815-lacaeswanf

  • MD5

    b3e57d0381df8c35a19014a09b7980d0

  • SHA1

    94e434b666eeb30c912326a37544de35913f601d

  • SHA256

    cd561d281663c60c97ba62ff7c8a870570bbe84aedcfac34b6905ec535fa7959

  • SHA512

    e65dd4cf3bb268f4e3ecab378ce20887be62dc5a5a94e18714e5a3d11a966dc08d72a7f257cbc1270bb8679b5419dc9595c35431f9fe3008125ef171f2286e49

  • SSDEEP

    24576:eDH9v7IlfGQrFEspugRN5I2D553J/J/b5tJ/jYVoaP3P:e570+QrFEBga2S3P
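
Before working from this report, confirm that the file you have is the same sample the sandbox ran. The following script is an added example (not part of the report or the sandbox's tooling) that hashes a local file once with all four algorithms listed above and compares the results against the report's values; the only inputs it assumes are the path you saved the sample under and the digests copied from this page.

```python
"""Check that a local copy of the sample matches the hashes in the report.

Added example; it is not part of the sandbox report. The expected values are
copied from the report's General section. The file path passed on the command
line is whatever you saved the sample as; keep the sample in an isolated VM.
"""
import hashlib
import io

# Digests as listed in the report. ssdeep is not in the standard library and
# is left out here; use the ssdeep tool or its Python bindings for that one.
REPORTED = {
    "md5": "b3e57d0381df8c35a19014a09b7980d0",
    "sha1": "94e434b666eeb30c912326a37544de35913f601d",
    "sha256": "cd561d281663c60c97ba62ff7c8a870570bbe84aedcfac34b6905ec535fa7959",
    "sha512": "e65dd4cf3bb268f4e3ecab378ce20887be62dc5a5a94e18714e5a3d11a966dc08d72a7f257cbc1270bb8679b5419dc9595c35431f9fe3008125ef171f2286e49",
}


def digest_stream(stream, algorithms=tuple(REPORTED), chunk_size=1 << 20):
    """Compute the requested digests in a single pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper for in-memory data (used for self-checks)."""
    return digest_stream(io.BytesIO(data))


def compare(actual, expected):
    """Map each expected algorithm to True/False. The comparison is
    case-insensitive because reports and tools disagree on hex case."""
    return {name: actual.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def verify_file(path, expected=REPORTED):
    """Hash the file at `path` and report which of the expected digests match."""
    with open(path, "rb") as f:
        return compare(digest_stream(f, algorithms=tuple(expected)), expected)


if __name__ == "__main__":
    import sys
    results = verify_file(sys.argv[1])
    for name, ok in results.items():
        print(f"{name:7} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(results.values()) else 1)
```

A partial match (for example MD5 agreeing while SHA256 does not) should be treated as a mismatch: a vendor feed that supplies only an MD5 can collide with or be mislabelled against a different binary, so the stronger digests are the ones to trust.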

Malware Config

Targets

    • Target

      b3e57d0381df8c35a19014a09b7980d0N.exe

    • Remcos

      Remcos is a closed-source remote control and surveillance tool, sold as a remote administration product and widely abused as a RAT.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the payload is started at logon (persistence).

    • Suspicious use of SetThreadContext

      Rewrites another thread's register context; typical of process hollowing and other injection techniques that redirect a suspended thread to injected code.
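
The signatures above are the kind of behaviour a host-based triage can confirm from registry, file and process telemetry. The script below is an added example (not part of the report or the sandbox's detection logic) that runs simple rules for four of them over a stream of events: the geofence lookup, the Run-key write, and execution or loading of a file the sample dropped. The event format and the sample events are constructed for illustration, and the registry location of the country code (the "Nation" value under HKCU\Control Panel\International\Geo) is an assumption, since the report does not name the key it observed. SetThreadContext abuse is an API-level observation from the sandbox's hooks and has no registry or file footprint, so it is not modelled here.

```python
"""Flag the behaviours named in the report's signature list in a stream of
host events. Added example, not part of the sandbox report or its tooling.
The event format and the sample events are constructed for illustration;
the country-code check assumes the sample reads the GeoID value "Nation"
under HKCU\\Control Panel\\International\\Geo, a key the report does not name.
"""
import re

# Autostart keys under HKCU or HKLM (RunOnce included).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# Assumed location of the configured country code (GeoID).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
PAYLOAD_EXT = (".exe", ".dll")


def triage(events):
    """Return (tag, detail) findings in event order.

    Each event is a dict with an "op" field plus op-specific fields:
      RegSetValue   key, value, data
      RegQueryValue key, value
      FileWrite     path
      ProcessCreate image
      ImageLoad     image
    Files the sample writes are remembered so that later execution or loading
    of one of them is reported, mirroring the "Executes dropped EXE" and
    "Loads dropped DLL" signatures.
    """
    findings = []
    dropped = set()
    for e in events:
        op = e["op"]
        if op == "RegSetValue" and RUN_KEY.search(e["key"]):
            findings.append(("run_key_persistence", f'{e["key"]}\\{e["value"]} = {e["data"]}'))
        elif op == "RegQueryValue" and GEO_KEY.search(e["key"]) and e["value"].lower() == "nation":
            findings.append(("geo_lookup", e["key"] + "\\" + e["value"]))
        elif op == "FileWrite" and e["path"].lower().endswith(PAYLOAD_EXT):
            dropped.add(e["path"].lower())
        elif op == "ProcessCreate" and e["image"].lower() in dropped:
            findings.append(("executes_dropped_exe", e["image"]))
        elif op == "ImageLoad" and e["image"].lower() in dropped:
            findings.append(("loads_dropped_dll", e["image"]))
    return findings


# Constructed events resembling what a sandbox or Sysmon would record; not
# taken from the report. Paths and value names are placeholders.
SAMPLE_EVENTS = [
    {"op": "RegQueryValue", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"op": "FileWrite", "path": r"C:\Users\user\AppData\Roaming\svchelper\helper.exe"},
    {"op": "FileWrite", "path": r"C:\Users\user\AppData\Roaming\svchelper\hook.dll"},
    {"op": "RegSetValue", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svchelper", "data": r"C:\Users\user\AppData\Roaming\svchelper\helper.exe"},
    {"op": "ProcessCreate", "image": r"C:\Users\user\AppData\Roaming\svchelper\helper.exe"},
    {"op": "ImageLoad", "image": r"C:\Users\user\AppData\Roaming\svchelper\hook.dll"},
    # Benign noise that must not fire.
    {"op": "RegSetValue", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
     "value": "ShellState", "data": "..."},
    {"op": "ProcessCreate", "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_EVENTS):
        print(f"{tag:22} {detail}")
```

The dropped-file correlation is what separates these rules from a plain path match: a Run-key value pointing at a file in AppData is suspicious on its own, but a Run-key value pointing at a file the same sample just wrote, which then starts, is the full chain this report describes.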

MITRE ATT&CK Enterprise v15

Tasks