Overview

overview

10

Static

static

INQUIRY.exe

windows7_x64

10

INQUIRY.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INQUIRY.exe

  • Size

    447KB

  • Sample

    210423-ybhbvv88w6

  • MD5

    455e8ece9f31a1becb15adcab5be0b37

  • SHA1

    a86310fe3489c342393deef49828d8d633570916

  • SHA256

    5454ec6037767c7c675551dafd7c023e8bd974f7fce965aa94505b19151895f2

  • SHA512

    ca6edf7d575bffb19a78b31d94bdb7e1f30c41c2a77c412495a833be99049f007b7d3c678696f27b77d9b02018e1cb28970d99fdd80c93c2f1e2eb1d459784a6

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

45.144.225.221:5090

Targets

    • Target

      INQUIRY.exe

    • Size

      447KB

    • MD5

      455e8ece9f31a1becb15adcab5be0b37

    • SHA1

      a86310fe3489c342393deef49828d8d633570916

    • SHA256

      5454ec6037767c7c675551dafd7c023e8bd974f7fce965aa94505b19151895f2

    • SHA512

      ca6edf7d575bffb19a78b31d94bdb7e1f30c41c2a77c412495a833be99049f007b7d3c678696f27b77d9b02018e1cb28970d99fdd80c93c2f1e2eb1d459784a6

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks