Resubmissions

05-09-2024 06:49

240905-hlqemsvdkm 10

05-09-2024 06:43

240905-hg74wswbrh 10

General

  • Target

    049ccb277f6c9e2816347b2d51df7ba0N.exe

  • Size

    4.3MB

  • Sample

    240905-hlqemsvdkm

  • MD5

    049ccb277f6c9e2816347b2d51df7ba0

  • SHA1

    b78da518b845bacca6ecd4595f751a8e6c41c4d6

  • SHA256

    dbd90ffa51b2ec9e716642d651d5740f2a9e376db28b217dbc31ab89b5362409

  • SHA512

    4250cf0ca6815f97265eb7924095c84a8fe41e463bcf172802e72ba5c045f999f23411a994a21d73cab270fe22287e44b33d5314f5b120ab5fad79c53e8a4559

  • SSDEEP

    98304:gC11IMjItWMFAetMtXjxhmZrC11IMjItWMFAetMtXjxhmZY4T:ghSMFjO7mZrhSMFjO7mZY

Malware Config

Targets

    • Target

      049ccb277f6c9e2816347b2d51df7ba0N.exe


    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks