Overview

overview

10

Static

static

ca6d1749f9...6d.exe

windows7_x64

10

ca6d1749f9...6d.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca6d1749f9645475aa7ab0ca268e31ba00817a8c70467c4d6d88bb2ca54d596d

  • Size

    335KB

  • Sample

    200629-1g6xsg1v16

  • MD5

    a6be592fb62d3e95befa3d40fe603f10

  • SHA1

    e2531f4fac0b8fcfdf87ab86b5d73a18229416c2

  • SHA256

    ca6d1749f9645475aa7ab0ca268e31ba00817a8c70467c4d6d88bb2ca54d596d

  • SHA512

    5428156b60a289d7c8009ebeb715d863f9bbd015ae834a4f213570595ca47cb4efb7ca0d16a317e7bb9cfc9123e416970064cf628f31c39ccc714181cb3893b8

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

youngboss1994.ddns.net:1965

Targets

    • Target

      ca6d1749f9645475aa7ab0ca268e31ba00817a8c70467c4d6d88bb2ca54d596d

    • Size

      335KB

    • MD5

      a6be592fb62d3e95befa3d40fe603f10

    • SHA1

      e2531f4fac0b8fcfdf87ab86b5d73a18229416c2

    • SHA256

      ca6d1749f9645475aa7ab0ca268e31ba00817a8c70467c4d6d88bb2ca54d596d

    • SHA512

      5428156b60a289d7c8009ebeb715d863f9bbd015ae834a4f213570595ca47cb4efb7ca0d16a317e7bb9cfc9123e416970064cf628f31c39ccc714181cb3893b8

    Score
    10/10
    ratremcos

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks