Resubmissions

  • 28/12/2022, 04:08 - 221228-eqfjfscd8s (score 10)
  • 27/12/2022, 23:18 - 221227-299mzagg44 (score 10)

General

  • Target: Quote.exe
  • Size: 626KB
  • Sample: 221228-eqfjfscd8s
  • MD5: 53bf54aef3233cc99c655bf3d2767c88
  • SHA1: 6dadab45c869803cec9227f07c450b9377214a5d
  • SHA256: 604c33e83b2aad9f1212a859584fa9ca71e1d2f8bdc42267e63d82400159498e
  • SHA512: a4e148e00fedf2db729825598216f7f4f8f3076984b1c46868cf4ce7195f2185d6b8aeb5cd8687a67a25b0179bcc4c6c1439d7e9f205e11a4e9df9c31e3e6870
  • SSDEEP: 12288:2i0Ck5cFtIaerM0MKiSancGv9Gc/wXUzR7U1FdYazP+1so5T+Ci/:2hRcFpf0KSIXf/wXUVU1FnPJo5T+N

Score
10/10

Malware Config

Extracted

  • Family: remcos
  • Botnet: Awele-Host
  • C2: gdyhjjdhbvxgsfe.gotdns.ch:2718

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: qos.exe
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: true
  • install_flag: false
  • install_path: %AppData%
  • keylog_crypt: true
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_path: %AppData%
  • mouse_option: false
  • mutex: Rmc-BMFNKP
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • startup_value: Jm
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Target: Quote.exe

    • Remcos: Remcos is closed-source remote control and surveillance software.
    • Drops startup file
    • Suspicious use of SetThreadContext
