General
-
Target
200630 Kloepfel Consulting GmbH.scr
-
Size
680KB
-
Sample
200630-fpvjq7vsen
-
MD5
cd8d11d11a4a2c38bfb1ba89a9e8cef6
-
SHA1
27cdc50b73ce48a9d2e773fbda57fe11a67a1d40
-
SHA256
9d288f2ea49daa4323d1a496c42cbffdfbb148b634345ecc9147265bbdc43491
-
SHA512
d7efb6e34026658f0e098c028f7613ace62c36e5d10fd64185f5d5b1bb3d0d95e100e164512032d404c265c9ef448ff69c4c2055ad81a2bdff6f64d2972e27da
Malware Config
Extracted
remcos
coronanancy14-50163.portmap.io:50163
Targets
-
-
Target
200630 Kloepfel Consulting GmbH.scr
-
Size
680KB
-
MD5
cd8d11d11a4a2c38bfb1ba89a9e8cef6
-
SHA1
27cdc50b73ce48a9d2e773fbda57fe11a67a1d40
-
SHA256
9d288f2ea49daa4323d1a496c42cbffdfbb148b634345ecc9147265bbdc43491
-
SHA512
d7efb6e34026658f0e098c028f7613ace62c36e5d10fd64185f5d5b1bb3d0d95e100e164512032d404c265c9ef448ff69c4c2055ad81a2bdff6f64d2972e27da
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Adds Run entry to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-