Overview

overview

10

Static

static

Due Invoices.exe

windows7_x64

10

Due Invoices.exe

windows10_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Due Invoices.exe

  • Size

    410KB

  • Sample

    210430-qmaa2y8w8s

  • MD5

    98a8aeb1ab92c13aa646d3ca22d91286

  • SHA1

    d9d1985d9d6dc8e1af4894ff2716e758fe5d5f29

  • SHA256

    96e975e9e509e40c6b069f4fe4ef338ddaa76472a30e3115374d5ae3b25c7616

  • SHA512

    0a1565ca50782184fb4b106b9c119881260618969b5942bb33eef1dbb18a6960866c756720768af5ef2cf4c19f02597866ce17f4d93d58344130f405877c4934

Score
10/10
remcosrat

Malware Config

Targets

    • Target

      Due Invoices.exe

    • Size

      410KB

    • MD5

      98a8aeb1ab92c13aa646d3ca22d91286

    • SHA1

      d9d1985d9d6dc8e1af4894ff2716e758fe5d5f29

    • SHA256

      96e975e9e509e40c6b069f4fe4ef338ddaa76472a30e3115374d5ae3b25c7616

    • SHA512

      0a1565ca50782184fb4b106b9c119881260618969b5942bb33eef1dbb18a6960866c756720768af5ef2cf4c19f02597866ce17f4d93d58344130f405877c4934

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks