Overview

overview

10

Static

static

Shipment Receipt.exe

windows7_x64

10

Shipment Receipt.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Shipment Receipt.exe

  • Size

    645KB

  • Sample

    210114-sh7dz9q14s

  • MD5

    ff18c255222072cfb586481fb1df38e8

  • SHA1

    590ee95cd05e6df3c52c07c308ac081e28f03e1b

  • SHA256

    fe719ecb5f04ed964bd5fdecc2085bdb1518358c65d12462fcddb66a6015740d

  • SHA512

    46c53805c144cc1fef06626c5b1df821f966b9c8c51151676b1d105795059d4de573309da61c3e148a01affff47b4446fca81cab39062c8945273344ce736854

Score
10/10
remcosratspyware

Malware Config

Targets

    • Target

      Shipment Receipt.exe

    • Size

      645KB

    • MD5

      ff18c255222072cfb586481fb1df38e8

    • SHA1

      590ee95cd05e6df3c52c07c308ac081e28f03e1b

    • SHA256

      fe719ecb5f04ed964bd5fdecc2085bdb1518358c65d12462fcddb66a6015740d

    • SHA512

      46c53805c144cc1fef06626c5b1df821f966b9c8c51151676b1d105795059d4de573309da61c3e148a01affff47b4446fca81cab39062c8945273344ce736854

    Score
    10/10
    remcosratspyware

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks