Overview

overview

10

Static

static

QUOTATION.exe

windows7_x64

10

QUOTATION.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    QUOTATION.exe

  • Size

    1.1MB

  • Sample

    210118-ab8bpwnwb6

  • MD5

    848bfb3ad0bfdf896826370e1e567fcc

  • SHA1

    54226c763412ca16832d5e11e1d9165c1df13534

  • SHA256

    5e31a4916e479c18347d59e0a98dc12738efb5acbad3ba3e677fb24fd87e7adc

  • SHA512

    d3c77db32580cb9c27c6307bd6c4cb568a73dfb7ace91d6d3eec2acfa0ff4fcecc79f6c91e234badf59f15076e692189a5b77ddabbad0105d690a37a491ce85a

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

79.134.225.100:1011

Targets

    • Target

      QUOTATION.exe

    • Size

      1.1MB

    • MD5

      848bfb3ad0bfdf896826370e1e567fcc

    • SHA1

      54226c763412ca16832d5e11e1d9165c1df13534

    • SHA256

      5e31a4916e479c18347d59e0a98dc12738efb5acbad3ba3e677fb24fd87e7adc

    • SHA512

      d3c77db32580cb9c27c6307bd6c4cb568a73dfb7ace91d6d3eec2acfa0ff4fcecc79f6c91e234badf59f15076e692189a5b77ddabbad0105d690a37a491ce85a

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks