General

  • Target

    1f7ca25d94289d08e87326015bdbefdeb300ea26fa77561f6713ed3e3be5bf52N

  • Size

    1.0MB

  • Sample

    250113-kyf3vaylcn

  • MD5

    154ee474a1605a4a471cf44de4c73710

  • SHA1

    33f7e705925c1af1a6ca6c81da5be0d74175ed06

  • SHA256

    1f7ca25d94289d08e87326015bdbefdeb300ea26fa77561f6713ed3e3be5bf52

  • SHA512

    4babff273de2527724defd713d8d322f40717fe55ad5ded33f8997d6cd9cdfa797230a68928e7dde8eea6c60a19761fb510025649185584363da5fdfe43fa5d7

  • SSDEEP

    24576:fG6Wnz1p0C9+xk/rsvMXIojT5Ubcq7xLUsZdKaL7IEGJRTCg071Kp:u9oCEx8r6MXb5UhxHZdt7cHTDwKp

Malware Config

Targets

    • Target

      1f7ca25d94289d08e87326015bdbefdeb300ea26fa77561f6713ed3e3be5bf52N

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      192639861e3dc2dc5c08bb8f8c7260d5

    • SHA1

      58d30e460609e22fa0098bc27d928b689ef9af78

    • SHA256

      23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

    • SHA512

      6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

    • SSDEEP

      192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks