Overview

overview

10

Static

static

QUOTATION ...21.exe

windows7_x64

10

QUOTATION ...21.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    QUOTATION 18 1 2021.exe

  • Size

    1011KB

  • Sample

    210118-3cywatqg9s

  • MD5

    86bf1b4b8a10cbad324603bdfe946f90

  • SHA1

    efa4298cbc45052986d42c59564ff37b56a61925

  • SHA256

    721059bc4edd6685620382cf7c1f86f95f8b20317e4bb22d0e8d364705f73c2e

  • SHA512

    78ed2a27fd6496f34314ba2b32e3d37d2f6dd2ac32fd5ec932865087ae2a622ca3dac4e2ae8db69bc014d805f39d6cf2e16edaf654e07d276e355d6c0bd2a106

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

79.134.225.100:1011

Targets

    • Target

      QUOTATION 18 1 2021.exe

    • Size

      1011KB

    • MD5

      86bf1b4b8a10cbad324603bdfe946f90

    • SHA1

      efa4298cbc45052986d42c59564ff37b56a61925

    • SHA256

      721059bc4edd6685620382cf7c1f86f95f8b20317e4bb22d0e8d364705f73c2e

    • SHA512

      78ed2a27fd6496f34314ba2b32e3d37d2f6dd2ac32fd5ec932865087ae2a622ca3dac4e2ae8db69bc014d805f39d6cf2e16edaf654e07d276e355d6c0bd2a106

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks