Overview

overview

10

Static

static

INVOICE0980089.exe

windows7_x64

10

INVOICE0980089.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INVOICE0980089.exe

  • Size

    210KB

  • Sample

    210118-x3zxlq8aq6

  • MD5

    8f69889d68b8a1a762ec97fe28887191

  • SHA1

    43d1e848d5f4bf3ee4d343dd450c9b93e08deadb

  • SHA256

    5bbd60cad168f89d677053a118f2b46db43e66dda2815dfc41e972b9d2067d69

  • SHA512

    7aa123cca3784bd682ab62efdcd458cc1a69ecf8f205282a1723cad6c6bd78666d85273f75b774f7eb93a2a77cb6baab167da5c97c2e66f6846ff7c85a944424

Score
10/10
remcosrat

Malware Config

Targets

    • Target

      INVOICE0980089.exe

    • Size

      210KB

    • MD5

      8f69889d68b8a1a762ec97fe28887191

    • SHA1

      43d1e848d5f4bf3ee4d343dd450c9b93e08deadb

    • SHA256

      5bbd60cad168f89d677053a118f2b46db43e66dda2815dfc41e972b9d2067d69

    • SHA512

      7aa123cca3784bd682ab62efdcd458cc1a69ecf8f205282a1723cad6c6bd78666d85273f75b774f7eb93a2a77cb6baab167da5c97c2e66f6846ff7c85a944424

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks