Overview

overview

10

Static

static

Wjhus orde...21.exe

windows7_x64

6

Wjhus orde...21.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Wjhus order 13.1.2021.exe

  • Size

    374KB

  • Sample

    210113-xkh9tx4y82

  • MD5

    20663ecc753600bebd55fbc4c3fff85e

  • SHA1

    6f14c5bd02dca7c1a58965ccb26a10ef8aa95aea

  • SHA256

    01c59004eb5e4390f96dc41ca001c9bd036068645fb55a922cded1ee1ecf014c

  • SHA512

    d3e2e219fac00dcb53d3f2ef1e789110681183ce22e32191c11c404f816ee4d2b342a5090288907e21d17dc779e9a9baede05aeb20390cacbc047be486f681af

Score
10/10
remcospersistenceratspyware

Malware Config

Targets

    • Target

      Wjhus order 13.1.2021.exe

    • Size

      374KB

    • MD5

      20663ecc753600bebd55fbc4c3fff85e

    • SHA1

      6f14c5bd02dca7c1a58965ccb26a10ef8aa95aea

    • SHA256

      01c59004eb5e4390f96dc41ca001c9bd036068645fb55a922cded1ee1ecf014c

    • SHA512

      d3e2e219fac00dcb53d3f2ef1e789110681183ce22e32191c11c404f816ee4d2b342a5090288907e21d17dc779e9a9baede05aeb20390cacbc047be486f681af

    Score
    10/10
    persistenceremcosratspyware

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks