Overview

overview

10

Static

static

009090INVO.exe

windows7_x64

10

009090INVO.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    009090INVO.exe

  • Size

    208KB

  • Sample

    210113-s9qcp85eqn

  • MD5

    12c0f2c2f78e86429d18f146a59dec74

  • SHA1

    02220971c2c31549f26dee200024c6cce84a2375

  • SHA256

    5df5e69f38e5fc641a089f213a2791aa1a9d9df801093a6dbd3bfb680c38884c

  • SHA512

    0b7dc9853b26a007a006ccd2c02effc449213e627db2a01c5b8a174b21759116c56d9e97c1168732a2d97c66df4bb6ba9ffb32b60205032f42531357f90a538e

Score
10/10
remcosratupx

Malware Config

Extracted

Family

remcos

C2

72.11.157.241:4445

Targets

    • Target

      009090INVO.exe

    • Size

      208KB

    • MD5

      12c0f2c2f78e86429d18f146a59dec74

    • SHA1

      02220971c2c31549f26dee200024c6cce84a2375

    • SHA256

      5df5e69f38e5fc641a089f213a2791aa1a9d9df801093a6dbd3bfb680c38884c

    • SHA512

      0b7dc9853b26a007a006ccd2c02effc449213e627db2a01c5b8a174b21759116c56d9e97c1168732a2d97c66df4bb6ba9ffb32b60205032f42531357f90a538e

    Score
    10/10
    remcosratupx

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks