General

  • Target

    QUOTATION 21 11 2020.exe

  • Size

    906KB

  • Sample

    201121-4rfpgm5kqa

  • MD5

    be2f5670427369fb1d7bf50e32e60f06

  • SHA1

    88412c7f107c686619ec61cec8662861744e455d

  • SHA256

    61248c209119bd790c6ad906dd9d12e7a03455c2b2f6e4b7d1432aed6ae92439

  • SHA512

    d556aebfb5e9d6225ef2d5e08e6ce7310e40895bf9b08f38df95e1a96e4cc4a01f0d087cacddbb3e067abc8b5296b11793ce6ae77dc48f4a924754bd06f71ef8

Score
10/10

Malware Config

Extracted

Family

remcos

C2

185.140.53.197:1011

Targets

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic                Technique               Count  ID
    Execution             Scripting               1      T1064
    Execution             Scheduled Task          1      T1053
    Persistence           Scheduled Task          1      T1053
    Privilege Escalation  Scheduled Task          1      T1053
    Defense Evasion       Scripting               1      T1064
    Credential Access     Credentials in Files    1      T1081
    Collection            Data from Local System  1      T1005

Tasks