Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021
Tags
Common Information
| Type | Value |
|---|---|
| UUID | a8ede123-1d9d-4c89-83d2-2d70f08195c6 |
| Fingerprint | 8c4d0f340ced0641 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 10, 2022, 10:58 a.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021 |
| Title | Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021 |
| Detected Hints/Tags/Attributes | 73/4/27 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 45 | paste.ee |
|
| Details | Domain | 22 | research.splunk.com |
|
| Details | File | 6 | dynwrapx.dll |
|
| Details | File | 4 | pubprn.vbs |
|
| Details | File | 1 | c:\windows\winhlp32.exe |
|
| Details | File | 1 | sysmon.log |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 4 | winhlp32.exe |
|
| Details | File | 459 | regsvr32.exe |
|
| Details | File | 1 | %windir%\\system32\\regsvr32.exe |
|
| Details | File | 83 | installutil.exe |
|
| Details | File | 1 | %windir%\\syswow64\\wscript.exe |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 35 | pwsh.exe |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 155 | cscript.exe |
|
| Details | File | 6 | dxdiag.exe |
|
| Details | File | 10 | webbrowserpassview.exe |
|
| Details | File | 3 | invoice.vbs |
|
| Details | File | 5 | remcos.dll |
|
| Details | File | 1 | stage1.vbs |
|
| Details | sha256 | 1 | cb77b93150cb0f7fe65ce8a7e2a5781e727419451355a7736db84109fa215a89 |
|
| Details | sha256 | 1 | ff169ae934b92a2dfe78f4793c60256d4f36992a0e1218ed6b6d59b3809ed210 |
|
| Details | sha256 | 2 | 4ef3a6703abc6b2b8e2cac3031c1e5b86fe8b377fde92737349ee52bd2604379 |
|
| Details | sha256 | 1 | c344723295279aaaf2a4220a77d74db903985264cf3adfba5015f9f31f0dddec |
|
| Details | MITRE ATT&CK Techniques | 310 | T1047 |