Overview

overview

10

Static

static

10

Customer_R...42.exe

windows7_x64

10

Customer_R...42.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Customer_Receivables_Aging_20210112_2663535345242424242.exe

  • Size

    902KB

  • Sample

    210112-gnklkfjmls

  • MD5

    2de1de147c59211120377a81f62dc087

  • SHA1

    368cbb3055e620a6ff3b3856eb350d5935afe0ec

  • SHA256

    a4fb793dd11e5ed81d42933185343398edfc35894313d64eca38e672f2d95419

  • SHA512

    52f52e08f4c15677d29b868a701b658765905fc29ca051b42c1e892d84efaee3f5b08b7b59daebb8682a94d23778634195d85d6c7c24a3dd56bf0a5eb2c19000

Score
10/10
modiloaderremcospersistencerat

Malware Config

Targets

    • Target

      Customer_Receivables_Aging_20210112_2663535345242424242.exe

    • Size

      902KB

    • MD5

      2de1de147c59211120377a81f62dc087

    • SHA1

      368cbb3055e620a6ff3b3856eb350d5935afe0ec

    • SHA256

      a4fb793dd11e5ed81d42933185343398edfc35894313d64eca38e672f2d95419

    • SHA512

      52f52e08f4c15677d29b868a701b658765905fc29ca051b42c1e892d84efaee3f5b08b7b59daebb8682a94d23778634195d85d6c7c24a3dd56bf0a5eb2c19000

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks