General

  • Target

    54c80a5fe7948807fd8565063162970030d9e672de950878bf746dc21dd79c58

  • Size

    1.1MB

  • Sample

    200624-k27qy1hh9n

  • MD5

    eb820273af291486bd54f63681925424

  • SHA1

    b5928f5589ea65de468b1bdf71b1c89e2fea73f3

  • SHA256

    54c80a5fe7948807fd8565063162970030d9e672de950878bf746dc21dd79c58

  • SHA512

    33cf1bc9cdab3cb0237254f93c4d71ca32f7a1f26ccfd1dce4a83309de02714296d90f01c65ef2a602f4d5c394549b2352b4350b89a78610df6c02552b85bebd

Score
10/10

Malware Config

Extracted

Family

remcos

C2

boot.awsmppl.com:2266

coolta71.com:2266

coolta1.xzy:2266

coolta2.xzy:2266

coolget1.xzy:2266

coolcc1.xzy:2266

Targets

    • Target

      54c80a5fe7948807fd8565063162970030d9e672de950878bf746dc21dd79c58

    • Size

      1.1MB

    • MD5

      eb820273af291486bd54f63681925424

    • SHA1

      b5928f5589ea65de468b1bdf71b1c89e2fea73f3

    • SHA256

      54c80a5fe7948807fd8565063162970030d9e672de950878bf746dc21dd79c58

    • SHA512

      33cf1bc9cdab3cb0237254f93c4d71ca32f7a1f26ccfd1dce4a83309de02714296d90f01c65ef2a602f4d5c394549b2352b4350b89a78610df6c02552b85bebd

    • Score

      10/10

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks