Overview

overview

10

Static

static

SHIPMENT D...DF.exe

windows7_x64

10

SHIPMENT D...DF.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SHIPMENT DOCUMENTS_INV PLS DRAFT PDF.zip

  • Size

    503KB

  • Sample

    210302-yxbg456zgj

  • MD5

    90b596602149b75e2e091ea97028c641

  • SHA1

    f83e5ee1054b22a51b14285e118cad9a1905d7b4

  • SHA256

    c48110bbc17b3001c0c6faee00cd2b005cdfdb8f1df0324e8e19cbb0749bdfb5

  • SHA512

    e70ddfc16d63437aa4d914e06415865568f8914f52783207b5db1c735632cb6824f7482fccff8d951a8ca322e24ed40df96408d21080c523766973f67a055699

Score
10/10
remcospersistenceratupx

Malware Config

Targets

    • Target

      SHIPMENT DOCUMENTS_INV PLS DRAFT PDF.exe

    • Size

      1.1MB

    • MD5

      0d5df67244b695eb324a0023afa30ccd

    • SHA1

      72ab9b82cb810fc81f00a972dee493fe1973f945

    • SHA256

      d3aaddaba72db5991020a3d55db33d24ce57c0915be8f7452ae0e6ffa36d1012

    • SHA512

      c880d39ad9a85c451290c1eb2ce5fbe3002628a8b56e618e04cdbec1e9ed02c4f96e69ab4ab53fb3a0420f8a1fd5e0c88ec23b5a6fee1dada6c740170a5380a6

    Score
    10/10
    remcospersistenceratupx

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks