Overview

overview

10

Static

static

Order no 2.exe

windows7_x64

10

Order no 2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order no 2.exe

  • Size

    335KB

  • Sample

    210115-8dzd3lkmqs

  • MD5

    2a2c8b50c3774bca1ceabe117b2c969f

  • SHA1

    4bc31c902a4edc434d53afac8dac5ccf0cea447d

  • SHA256

    4903333c4aca1501316d62fadbee470fba700b11a23fbcdbc1435ff1b73f7aaf

  • SHA512

    02a1d3f74d01a8f629a232a4108a6fda3cfa41b642641c8717d3e2381558b67149f427f7974652b103e1d94d8f98ad442bd4b62e628881b4c9d3d78ccd86869b

Score
10/10
remcospersistencerat

Malware Config

Targets

    • Target

      Order no 2.exe

    • Size

      335KB

    • MD5

      2a2c8b50c3774bca1ceabe117b2c969f

    • SHA1

      4bc31c902a4edc434d53afac8dac5ccf0cea447d

    • SHA256

      4903333c4aca1501316d62fadbee470fba700b11a23fbcdbc1435ff1b73f7aaf

    • SHA512

      02a1d3f74d01a8f629a232a4108a6fda3cfa41b642641c8717d3e2381558b67149f427f7974652b103e1d94d8f98ad442bd4b62e628881b4c9d3d78ccd86869b

    Score
    10/10
    remcosratpersistence

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks