Overview

overview

10

Static

static

Order1.5%.exe

windows7_x64

10

Order1.5%.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order1.5%.exe

  • Size

    620KB

  • Sample

    210114-trdnzdxv3a

  • MD5

    bbf5a0e3f2e9c7619bcdd81a23219627

  • SHA1

    80716a9ff7481f0d2ce78ae6dd65e00434315878

  • SHA256

    f05b74930aa9777625a66d2852fb0b690461ef0b5598d35b2d7959721456600d

  • SHA512

    c9b75b115f4f59083c09555d4a6bfa9becae022f8f99058bb9b5c792c46b1ffba82aa73313bf87af59b3c07165a01ec6aff900b309fed3a8a70ebc820741f6c5

Score
10/10
remcosratspyware

Malware Config

Extracted

Family

remcos

C2

igatyou.mywire.org:2021

Targets

    • Target

      Order1.5%.exe

    • Size

      620KB

    • MD5

      bbf5a0e3f2e9c7619bcdd81a23219627

    • SHA1

      80716a9ff7481f0d2ce78ae6dd65e00434315878

    • SHA256

      f05b74930aa9777625a66d2852fb0b690461ef0b5598d35b2d7959721456600d

    • SHA512

      c9b75b115f4f59083c09555d4a6bfa9becae022f8f99058bb9b5c792c46b1ffba82aa73313bf87af59b3c07165a01ec6aff900b309fed3a8a70ebc820741f6c5

    Score
    10/10
    remcosratspyware

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks