Overview

overview

10

Static

static

Invoice Co...35.exe

windows7_x64

10

Invoice Co...35.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice Copy - PO#6500097935.xz

  • Size

    287KB

  • Sample

    210419-pryy7yd5nj

  • MD5

    3b17765f02c4395d74642ae9fcdb853c

  • SHA1

    4101e3977d2071bc0abaeec14f9bbefc3fbdecc7

  • SHA256

    a2be5e96654481124dc0f9396b8ac01c3cdedaadeaf8862df0de0d27597aa516

  • SHA512

    7a8233c9d570d389e56003ef6724a2c0c09d1b0bc0bb009ccba7cf1c88d3e18fce97539fe45cd320cc9bc95de3c5709c0986266828fc98ff676da678a17c10c6

Score
10/10
remcospersistencerat

Malware Config

Extracted

Family

remcos

C2

marstonstyl247.ddns.net:7439

Targets

    • Target

      Invoice Copy - PO#6500097935.exe

    • Size

      602KB

    • MD5

      a391fcdfa5ea3c80fb7a5554bd02fd0a

    • SHA1

      7116ca87027f642ab04ec589ab2fe09598aa5ea7

    • SHA256

      481d9a1417683843ff3bf8936227f69dbb80cad91b0c408bf30a99f889c09659

    • SHA512

      7ae8627c8c8787e15f93c2fc413d41a66ec365f3d34e7dd64e5a378edd51d70d782248e2ceff9a55b416fc7e789b7d9dc9039dd1b4db8734edfc27fb69a0144b

    Score
    10/10
    remcospersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks