Overview

overview

10

Static

static

0000090900000020.exe

windows7_x64

10

0000090900000020.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0000090900000020.exe

  • Size

    365KB

  • Sample

    210119-gmsgpt3eae

  • MD5

    02fd73f99289b0c40ca3a324c4202ad9

  • SHA1

    c1e5852d43578c5a1fe378708bc493c7f59b7d45

  • SHA256

    0ef4ceb36c6bc5067390aa323ea7908be59da236315e41d0857d3426cfcc2ce1

  • SHA512

    9a90aefa67e06e1a8521f029cd3f1d81ebf4e4b844ec5654aeec278d02a629675c2e2b888ad6704ce5b1eb1f02979271469fc8c500f52ba5a1d77f5a734e8e18

Score
10/10
remcosrat

Malware Config

Targets

    • Target

      0000090900000020.exe

    • Size

      365KB

    • MD5

      02fd73f99289b0c40ca3a324c4202ad9

    • SHA1

      c1e5852d43578c5a1fe378708bc493c7f59b7d45

    • SHA256

      0ef4ceb36c6bc5067390aa323ea7908be59da236315e41d0857d3426cfcc2ce1

    • SHA512

      9a90aefa67e06e1a8521f029cd3f1d81ebf4e4b844ec5654aeec278d02a629675c2e2b888ad6704ce5b1eb1f02979271469fc8c500f52ba5a1d77f5a734e8e18

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks