General

  • Target: 57fc9b56b7887f6e0fd20e60199d0123db28f2051abfabf7b924298c276cdf91
  • Size: 904KB
  • Sample: 240906-tza3naweqq
  • MD5: 79179e3daa877d62be667f3988288852
  • SHA1: 2ef6269d1409c8f97451b102de61d36eb57bdcbd
  • SHA256: 57fc9b56b7887f6e0fd20e60199d0123db28f2051abfabf7b924298c276cdf91
  • SHA512: 8c9c733a057450dbe9f00c5d15ea21eef7651c77b090383e5fcde16a0eb3cc25b2bf3c37e8ff3a0a578032f8f03dc4f4b388d8d9c1d0ba8aa76c91bb18f16acb
  • SSDEEP: 24576:fieou/IyWCqJB2N0tKYqupjVbRPcUnzMyPLe2Ae:fieouAyzGB2RYqspxcMzhPLe27

Malware Config

Targets

    • Target: IT Gadget_RFQ.exe
    • Size: 975KB
    • MD5: 826b3ba76c427c9ddc756b6c84cd39f5
    • SHA1: dd47f1472496c0137c5ba9f03bf6e8d55158f651
    • SHA256: c6b113d59ce488200203bb30c67ed4b9ae483eb398b0e6cfa69357e3e20bc051
    • SHA512: 6a15c01ac8e3acec2e596cf384e7c2f60676e7a3fa82b40bb397c9d6d05ab8c49895753ea7f1cb4d2fb1c72e036ea5415668d482e8e908b35351d957aa1391c8
    • SSDEEP: 24576:OUobyWLfvFCY7BgbOtAmAGXB+PcU0LNlL:XgLfvIEBgDmAG2cvPL

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks