Overview

overview

10

Static

static

SHIPMENT D...DF.exe

windows7_x64

10

SHIPMENT D...DF.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SHIPMENT DOCUMENTS_INV PLS DRAFT PDF.exe

  • Size

    1.1MB

  • Sample

    210302-qcxvg3t946

  • MD5

    0d5df67244b695eb324a0023afa30ccd

  • SHA1

    72ab9b82cb810fc81f00a972dee493fe1973f945

  • SHA256

    d3aaddaba72db5991020a3d55db33d24ce57c0915be8f7452ae0e6ffa36d1012

  • SHA512

    c880d39ad9a85c451290c1eb2ce5fbe3002628a8b56e618e04cdbec1e9ed02c4f96e69ab4ab53fb3a0420f8a1fd5e0c88ec23b5a6fee1dada6c740170a5380a6

Score
10/10
remcospersistenceratupx

Malware Config

Targets

    • Target

      SHIPMENT DOCUMENTS_INV PLS DRAFT PDF.exe

    • Size

      1.1MB

    • MD5

      0d5df67244b695eb324a0023afa30ccd

    • SHA1

      72ab9b82cb810fc81f00a972dee493fe1973f945

    • SHA256

      d3aaddaba72db5991020a3d55db33d24ce57c0915be8f7452ae0e6ffa36d1012

    • SHA512

      c880d39ad9a85c451290c1eb2ce5fbe3002628a8b56e618e04cdbec1e9ed02c4f96e69ab4ab53fb3a0420f8a1fd5e0c88ec23b5a6fee1dada6c740170a5380a6

    Score
    10/10
    remcospersistenceratupx

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks