General

  • Target

    Quotation.exe

  • Size

    705KB

  • Sample

    210120-my8phmkc7j

  • MD5

    b9f6829c06d90ae2987a7d4beb4ebf5d

  • SHA1

    687b26e24d9bf836674ea0dbb82f47f38a7dd74d

  • SHA256

    4573443acbca7a1f829d721f95c2944a6a2ddd97a4bf484fd993f748d298b285

  • SHA512

    e6722cce136bc622358e15adcdecde8b10486cd11946e54e102cbc0373b19c9385f8586774f9299cdf97f6359920d02f321f52d140a7814fdec7fdb1c4947779

Malware Config

Extracted

  • Family

    remcos

  • C2

    whatgodcannotdodoestnotexist.duckdns.org:2559

Targets

    • Target

      Quotation.exe

    • Size

      705KB

    • MD5

      b9f6829c06d90ae2987a7d4beb4ebf5d

    • SHA1

      687b26e24d9bf836674ea0dbb82f47f38a7dd74d

    • SHA256

      4573443acbca7a1f829d721f95c2944a6a2ddd97a4bf484fd993f748d298b285

    • SHA512

      e6722cce136bc622358e15adcdecde8b10486cd11946e54e102cbc0373b19c9385f8586774f9299cdf97f6359920d02f321f52d140a7814fdec7fdb1c4947779

    Score: 10/10

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic           Technique                            Count  ID
Persistence      Registry Run Keys / Startup Folder   1      T1060
Defense Evasion  Modify Registry                      2      T1112
Defense Evasion  Install Root Certificate             1      T1130

Note: the IDs are those of ATT&CK v6, which this report uses. In current ATT&CK releases T1060 is retired in favour of T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1130 in favour of T1553.004 (Subvert Trust Controls: Install Root Certificate); T1112 is unchanged. Map them before feeding the report into tooling that expects sub-technique IDs.
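The indicators above (file hashes, the duckdns C2 host and port, and the Run-key persistence signature) can be turned into a sweep a responder runs against collected artefacts. The block below is an added example and is not part of the sandbox report or of any Remcos tooling. The hashes, C2 host and port are copied from this page; the connection-log format, the registry export and the Run-key heuristics are constructed assumptions, and because the report does not state which value name or path the sample writes, the "Quotation" Run entry in the sample export is illustrative only.

```python
"""Offline IOC sweep for the Remcos sample described on this page.

Added example, not part of the sandbox report. The hashes, C2 host and C2
port are copied from the report; the log format, the .reg export and the
heuristics are constructed for illustration."""
import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "b9f6829c06d90ae2987a7d4beb4ebf5d",
    "sha1": "687b26e24d9bf836674ea0dbb82f47f38a7dd74d",
    "sha256": "4573443acbca7a1f829d721f95c2944a6a2ddd97a4bf484fd993f748d298b285",
    "sha512": "e6722cce136bc622358e15adcdecde8b10486cd11946e54e102cbc0373b19c9385f8586774f9299cdf97f6359920d02f321f52d140a7814fdec7fdb1c4947779",
}
C2_HOST = "whatgodcannotdodoestnotexist.duckdns.org"
C2_PORT = 2559
SAMPLE_NAME = "quotation.exe"   # original filename from the report


def digest_bytes(data):
    """Hash a byte string with every algorithm in IOC_HASHES."""
    hashers = {alg: hashlib.new(alg) for alg in IOC_HASHES}
    for h in hashers.values():
        h.update(data)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def file_hashes(path):
    """Digest a file on disk so it can be compared with the report's hashes."""
    with open(path, "rb") as fh:
        return digest_bytes(fh.read())


def matching_hashes(digests):
    """Algorithm names whose digest equals the report's indicator (any one
    match on a cryptographic hash identifies the sample)."""
    return sorted(alg for alg, d in digests.items() if IOC_HASHES.get(alg) == d.lower())


# Constructed connection log: "<timestamp> <client> <destination host> <port>".
SAMPLE_NET_LOG = """\
2021-01-20T14:02:11Z 10.0.0.25 whatgodcannotdodoestnotexist.duckdns.org 2559
2021-01-20T14:02:12Z 10.0.0.25 www.microsoft.com 443
2021-01-20T14:03:40Z 10.0.0.31 homecam.duckdns.org 2559
2021-01-20T14:05:02Z 10.0.0.25 whatgodcannotdodoestnotexist.duckdns.org 443
"""


def scan_network_log(lines):
    """Return (line_no, reason) for connections matching the C2 indicator.
    Exact host and port is a high-confidence hit; the host on another port is
    still flagged because the dynamic-DNS name is the stable part of the
    indicator; another duckdns.org name on the C2 port is only a lead."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        host, port = parts[2].lower().rstrip("."), int(parts[3])
        if host == C2_HOST:
            hits.append((n, "C2 host, C2 port" if port == C2_PORT else "C2 host, other port"))
        elif host.endswith(".duckdns.org") and port == C2_PORT:
            hits.append((n, "duckdns.org host on C2 port (low confidence)"))
    return hits


# Constructed `reg export` of the current user's Run/RunOnce keys (the value
# name and path used by the real sample are not given in the report).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Quotation"="\"C:\\Users\\victim\\AppData\\Roaming\\Quotation.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\Users\\victim\\AppData\\Local\\Temp\\cleanup.exe"
'''

RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')
# Directories a non-admin user can write to. Legitimate software (OneDrive,
# Teams) autoruns from AppData too, so a hit here is a lead, not a verdict.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def suspicious_run_entries(reg_text):
    """Return (value name, reasons) for Run/RunOnce values that reference the
    sample's filename or launch from a user-writable directory."""
    hits, in_run_key = [], False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_run_key = bool(RUN_KEY_RE.search(line.lower()))
            continue
        m = RUN_VALUE_RE.match(line) if in_run_key else None
        if not m:
            continue
        # Undo .reg escaping (\" and \\) before comparing paths.
        data = m.group("data").replace('\\"', '"').replace("\\\\", "\\").lower()
        reasons = []
        if SAMPLE_NAME in data:
            reasons.append("references the sample filename")
        if any(p in data for p in USER_WRITABLE):
            reasons.append("launches from a user-writable path")
        if reasons:
            hits.append((m.group("name"), reasons))
    return hits


if __name__ == "__main__":
    print("hash match:", matching_hashes(IOC_HASHES))
    for hit in scan_network_log(SAMPLE_NET_LOG.splitlines()):
        print("net:", hit)
    for hit in suspicious_run_entries(SAMPLE_REG):
        print("reg:", hit)
```

Run it as a script to see the sweep over the constructed data, or import it and point file_hashes at a quarantined file. The Run-key check is deliberately broad: the report only says a Run key is added, not where it points, so the sweep flags any autorun launched from a user-writable directory and lets the analyst decide, rather than keying on a value name the page never states.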

Tasks