Overview

overview

10

Static

static

CompanyLicense.exe

windows7_x64

10

CompanyLicense.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CompanyLicense.exe

  • Size

    96KB

  • Sample

    210119-stwgwhdhj2

  • MD5

    ace3e9fc3a2277aa4e72881c9f204642

  • SHA1

    50337a4aa52b65cac5fd2745c3fe7d88d503d00f

  • SHA256

    c6cf35735aff0eba459a6a1f4b65722ba08dfb0beed54b0df8e9be3ec3edba98

  • SHA512

    9220fe497f297ae1d86a13dd28fffc381a6945ac49cc2f3b904d605a193af00daaf18b6bc4f6e85d93f6a80b29d34dd56d7269bbc11b46d98319e571989e721f

Score
10/10
remcospersistencerat

Malware Config

Targets

    • Target

      CompanyLicense.exe

    • Size

      96KB

    • MD5

      ace3e9fc3a2277aa4e72881c9f204642

    • SHA1

      50337a4aa52b65cac5fd2745c3fe7d88d503d00f

    • SHA256

      c6cf35735aff0eba459a6a1f4b65722ba08dfb0beed54b0df8e9be3ec3edba98

    • SHA512

      9220fe497f297ae1d86a13dd28fffc381a6945ac49cc2f3b904d605a193af00daaf18b6bc4f6e85d93f6a80b29d34dd56d7269bbc11b46d98319e571989e721f

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks