Quote.exe

General

Target: Quote.exe
Size: 233KB
Sample: 210217-tzlm4actmn
Score: 10/10
MD5: a96067cac28b1f5c3de4e1b6c7d0a402
SHA1: 51c65c8ece4bfd5c7d1b09105440f3f02d3b14ca
SHA256: 79e70809a85e291f9da3d391131208ce7645dd512eb6bb71811154b43da23222
SHA512: 1627058a9a884965bce4ece1ccf03c24a849cd79fe883c923ae2eb56c8e0bbb730cf823e550c080685af1f906a38f2847a65dc8ed236181d97eee9ddcfc3f96e

Malware Config

Extracted

Family: remcos
C2: 103.89.88.238:4299

Targets

Target: Quote.exe
Signatures

  • Remcos
    Description: Remcos is closed-source remote control and surveillance software.

  • Loads dropped DLL

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of SetThreadContext

Tasks

static1: 1/10
behavioral1: 10/10
behavioral2: 10/10