Overview

overview

10

Static

static

QUOTATION ...21.exe

windows7_x64

10

QUOTATION ...21.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    QUOTATION 19 01 2021.exe

  • Size

    862KB

  • Sample

    210119-v87jgbxvj2

  • MD5

    1ae02a184e418f3791bdf8c969fcbf99

  • SHA1

    15714713cf688f8d1b70a35915beeba2c4525f49

  • SHA256

    dfd3c33bf7be405cea03a045f3df2d9ff35f04c7da918eb916b6f224a58eea1f

  • SHA512

    ab597ddd54faee1a91f16801297363f99881d3d6a7d72bd4259b504644393dcac43467daff7ef97de987308dedfa13b0a68c399fd0849d2e9dabf350930a1968

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

87.237.165.162:1011

Targets

    • Target

      QUOTATION 19 01 2021.exe

    • Size

      862KB

    • MD5

      1ae02a184e418f3791bdf8c969fcbf99

    • SHA1

      15714713cf688f8d1b70a35915beeba2c4525f49

    • SHA256

      dfd3c33bf7be405cea03a045f3df2d9ff35f04c7da918eb916b6f224a58eea1f

    • SHA512

      ab597ddd54faee1a91f16801297363f99881d3d6a7d72bd4259b504644393dcac43467daff7ef97de987308dedfa13b0a68c399fd0849d2e9dabf350930a1968

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks