General

  • Target

    Main.vbs

  • Size

    645KB

  • Sample

    240902-x9ys9awarn

  • MD5

    a03581c351404c25974d9d8c022cabd1

  • SHA1

    daf6e824953e089737b01d0c4056cdc0992850b9

  • SHA256

    b84c3c1e700100c0d6b1c772095a3906b1182396f1d3edc4a54edb9b6b1f14ee

  • SHA512

    fa1b0b446e3fc8784ade996a2646d0e1b7ed8c3ee15ef78ede8c1d2a06ae9b68df631faea3164850c9b8e92ba030d0175e535b0993a7d06bdaa83529b0b16bb4

  • SSDEEP

    12288:ckOTDFNXjOsggjpM3IzJquTTYuDu6pELjN/nwVNN6:c/VNlVjpRJ7TTYuDfcjN/wDA

Score
10/10

Malware Config

Targets

    • Target

      Main.vbs

    Score
    10/10
    • Remcos

      Remcos is closed-source remote control and surveillance software, sold commercially and widely abused as a remote access trojan (RAT).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence so the payload only runs (or refuses to run) in certain regions.

    • Drops startup file

    • Command and Scripting Interpreter: PowerShell

      Executes commands via powershell.exe.
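The three behavioural signatures above can be reproduced on endpoint telemetry outside the sandbox. The following is an added example, not code from the original report or from the sandbox vendor: it re-implements the geofence lookup, Startup-folder drop and script-host-to-PowerShell checks over Sysmon-style event records, and compares a file's hashes with the IoCs listed on this page. The event records, field names and file paths are constructed sample data, and the registry value the geofence check looks for (the Geo key under HKCU\Control Panel\International) is an assumption, since the report does not name the value it observed.

```python
"""
Added example (not part of the sandbox report): re-creates the report's
behavioural signatures as checks over Sysmon-style telemetry and compares a
file's hashes with the report's IoCs. Events below are constructed, not
captured logs.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Iterable

# Hashes copied from the report; these are the only real indicators on the page.
REPORT_IOCS = {
    "md5": "a03581c351404c25974d9d8c022cabd1",
    "sha1": "daf6e824953e089737b01d0c4056cdc0992850b9",
    "sha256": "b84c3c1e700100c0d6b1c772095a3906b1182396f1d3edc4a54edb9b6b1f14ee",
}

# Assumption: the report does not name the registry value it saw. The usual
# place a script reads the configured country is the Geo key under
# HKCU\Control Panel\International, so that is what this check matches.
GEO_VALUE_RE = re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # hosts that run a .vbs payload


@dataclass
class Event:
    kind: str                 # "process", "registry" or "file"
    image: str                # process performing the action
    parent_image: str = ""    # for "process": the creating process
    target: str = ""          # registry value path or written file path


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def match_signatures(events: Iterable[Event]) -> dict:
    """Map each signature name from the report to whether the telemetry satisfies it."""
    hits = {
        "Checks computer location settings": False,
        "Drops startup file": False,
        "Command and Scripting Interpreter: PowerShell": False,
    }
    for ev in events:
        if ev.kind == "registry" and GEO_VALUE_RE.search(ev.target):
            hits["Checks computer location settings"] = True
        elif ev.kind == "file" and STARTUP_DIR_RE.search(ev.target):
            hits["Drops startup file"] = True
        elif (ev.kind == "process" and basename(ev.image) == "powershell.exe"
              and basename(ev.parent_image) in SCRIPT_HOSTS):
            # A script host (running the VBS) launching powershell.exe is the
            # chain behind the report's PowerShell signature.
            hits["Command and Scripting Interpreter: PowerShell"] = True
    return hits


def hashes_of(data: bytes) -> dict:
    """Hashes in the algorithms the report lists (ssdeep needs a third-party module, omitted)."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def matches_report_iocs(hashes: dict) -> bool:
    """True if any supplied hash equals the corresponding hash from the report."""
    return any(hashes.get(algo, "").lower() == value for algo, value in REPORT_IOCS.items())


# Constructed telemetry mimicking the execution chain the report describes;
# the dropped file name and user path are invented for the example.
SAMPLE_EVENTS = [
    Event("process", r"C:\Windows\System32\wscript.exe", parent_image=r"C:\Windows\explorer.exe"),
    Event("registry", r"C:\Windows\System32\wscript.exe",
          target=r"HKCU\Control Panel\International\Geo\Nation"),
    Event("file", r"C:\Windows\System32\wscript.exe",
          target=r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs"),
    Event("process", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          parent_image=r"C:\Windows\System32\wscript.exe"),
]

if __name__ == "__main__":
    for name, hit in match_signatures(SAMPLE_EVENTS).items():
        print(f"[{'x' if hit else ' '}] {name}")
    print("hashes match report IoCs:", matches_report_iocs(hashes_of(b"not the sample")))
```

To use this against a real file, read it in binary, pass the bytes to `hashes_of` and feed the result to `matches_report_iocs`; any one algorithm matching is enough, since all three listed hashes identify the same Main.vbs. The signature checks only reproduce the report's findings, they do not by themselves imply Remcos: a script host spawning PowerShell or a file in the Startup folder is common in benign automation, so treat a full match as a lead for hash and configuration-extraction confirmation rather than a verdict.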

MITRE ATT&CK Enterprise v15

Tasks