General

  • Target: New Doc 20211401#_our new price.exe
  • Size: 96KB
  • Sample: 210121-xnrd5j3bxe
  • MD5: 14a7ac7e8a7cc68ee2040ea5f3bb145e
  • SHA1: e7eabd570ec2dce1203d013a11599a8c627b527a
  • SHA256: cb3e82e9c93c6b7b44dd782d26d22ad26f323176f8662642397d6d271754768d
  • SHA512: ad59b75bbf9caea440cb8f45cce3b6107db9898455f017265f110ae3edc510bb20edd4f9a506d4c28a890fb11b006d1a2503c20fb18d3bfd6358b155880ddee4

Score
10/10

Malware Config

Targets

    • New Doc 20211401#_our new price.exe (size, hashes and score as listed under General)
    • Remcos
      Remcos is closed-source remote control and surveillance software.
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic           Technique                            Count  ID
Persistence      Registry Run Keys / Startup Folder   1      T1060
Defense Evasion  Modify Registry                      1      T1112

Tasks