Resubmissions

  • 02-04-2024 16:25, sample 240402-txb7yafd52, score 10
  • 02-04-2024 16:16, sample 240402-tqrztafa6x, score 5

General

  • Target

    Quotation.zip

  • Size

    1012KB

  • Sample

    240402-txb7yafd52

  • MD5

    780e2bf8806f5673c736718c4385360f

  • SHA1

    9834a14e02f6d7eed79d99b14718c61aa15766b6

  • SHA256

    5f41a3813e433c05444cc3f8b3f41e4284b3b27af7c476704bcebe170098780f

  • SHA512

    f66b9baa3199a6c34bab35c21d347d387e1ddefe29bc556cd05cab0c9d0afdb1626c4bd009a31e97ad3ee7a0fa99b974732818345a71d7dc523ddde7e2f8dd11

  • SSDEEP

    12288:RRt9S9IaivA6ytWOLXKn3tnyFWL2eKCO9ORyGhsu5gD1qxTxlJTkeO6SC28tqrsN:LS93ivANhLXytnyF1/GcE5kba2YQIp3P

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

shgoini.com:30902

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-7XHN5V

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5
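The extracted configuration above is the part of this report a responder can act on directly. The following added example (not code from the report, from Triage, or from Remcos) turns those config values into host and network indicators and matches them against a few constructed endpoint events; the event records and their field names are an assumed schema, not any particular EDR's. It also carries the caveat a reader should take from the config: install_flag and keylog_flag are both false in this build, so the Remcos\remcos.exe copy path and the logs.dat keylog file are configured but switched off, and a hunt should lean on the mutex and the C2 host:port pair rather than on those paths.

```python
"""Derive indicators from the Remcos config in this report and match them
against constructed endpoint telemetry.

Added example, not code from the Triage report or from Remcos. The event
records and their field names (type, pid, name, path, dest, port) are an
assumed schema built for illustration.
"""
from typing import Any

# Values copied from the "Malware Config" section of the report.
REMCOS_CONFIG: dict[str, Any] = {
    "c2": "shgoini.com:30902",
    "mutex": "Rmc-7XHN5V",
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
    "install_flag": False,
    "keylog_flag": False,
}


def derive_iocs(cfg: dict[str, Any]) -> list[dict[str, Any]]:
    """Turn a Remcos config into indicator records.

    'enabled' records whether the feature behind the indicator is switched on
    in this build: the copy path depends on install_flag and the keylog file
    on keylog_flag, both false here, so those two are configured but not
    expected on disk. The mutex and the C2 pair are always in play.
    """
    host, _, port = cfg["c2"].rpartition(":")
    return [
        {"kind": "net", "host": host.lower(), "port": int(port), "enabled": True},
        {"kind": "mutex", "name": cfg["mutex"], "enabled": True},
        # Match on the folder\file tail only: the report does not state the
        # base directory for copy_folder and keylog_folder, so a full path
        # would be a guess.
        {"kind": "path",
         "tail": f"\\{cfg['copy_folder']}\\{cfg['copy_file']}".lower(),
         "enabled": bool(cfg["install_flag"])},
        {"kind": "path",
         "tail": f"\\{cfg['keylog_folder']}\\{cfg['keylog_file']}".lower(),
         "enabled": bool(cfg["keylog_flag"])},
    ]


def match_events(iocs: list[dict[str, Any]],
                 events: list[dict[str, Any]]) -> list[tuple[dict[str, Any], dict[str, Any]]]:
    """Return every (indicator, event) pair where the event hits the indicator."""
    hits = []
    for ev in events:
        for ioc in iocs:
            if (ioc["kind"] == "mutex" and ev.get("type") == "mutex"
                    and ev.get("name") == ioc["name"]):
                hits.append((ioc, ev))
            elif (ioc["kind"] == "path" and ev.get("type") == "file"
                    and ev.get("path", "").lower().endswith(ioc["tail"])):
                hits.append((ioc, ev))
            elif (ioc["kind"] == "net" and ev.get("type") == "net"
                    and ev.get("dest", "").lower() == ioc["host"]
                    and ev.get("port") == ioc["port"]):
                hits.append((ioc, ev))
    return hits


# Constructed telemetry: one process that behaves like the sample, plus noise.
SAMPLE_EVENTS: list[dict[str, Any]] = [
    {"type": "mutex", "pid": 4120, "name": "Rmc-7XHN5V"},
    {"type": "file", "pid": 4120,
     "path": r"C:\Users\analyst\AppData\Roaming\Remcos\remcos.exe"},
    {"type": "net", "pid": 4120, "dest": "shgoini.com", "port": 30902},
    {"type": "net", "pid": 4120, "dest": "shgoini.com", "port": 443},   # wrong port, no hit
    {"type": "mutex", "pid": 900, "name": "Global\\SomeUpdaterMutex"},   # unrelated mutex
    {"type": "file", "pid": 900, "path": r"C:\Windows\Temp\logs.dat"},  # no remcos\ folder tail
]


if __name__ == "__main__":
    for ioc, ev in match_events(derive_iocs(REMCOS_CONFIG), SAMPLE_EVENTS):
        note = "" if ioc["enabled"] else " (feature disabled in this config)"
        print(f"pid {ev['pid']}: {ioc['kind']} hit{note}: {ev}")
```

Run stand-alone, the block reports three hits for pid 4120: the mutex, the connection to shgoini.com on port 30902, and the remcos.exe copy path. The path hit is annotated as disabled in this config, which is the reason not to build a detection on that path alone; the mutex and the C2 pair are the indicators this build will actually produce. Replace SAMPLE_EVENTS with records in your own sensor's schema to use it on real telemetry.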

Targets

    • Target

      Quotation.exe

    • Size

      1.4MB

    • MD5

      b637de26aa293e2d88beb31e09febd46

    • SHA1

      a800c3b4defa12246ad3d6b9e70f1aa02e2d7623

    • SHA256

      ca52caeb15fde0f171362e3e7771edecc44f2e582cccaa0fedbd6012669076d7

    • SHA512

      c2b8febd7e296aa35b003b5637f911dd17df2303677126d5da97de2341a4aec2ac1b3b2b5bd2bbdf8288d71d1027b4489fd75eb638153754bb50a4820bb8e437

    • SSDEEP

      24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8a61SU+YLo06JKBqM02XjJxn:tTvC/MTQYxsWR7a6gU+OV6JKcM0uj

    Score
    10/10
    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
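Before pivoting on either object, confirm that the copy you hold is the one analyzed here. The added example below (not part of the report) hashes a local Quotation.zip against the values listed under General, then reads the Quotation.exe member in memory and checks it against the values listed for the target above, without writing the executable to disk. It uses only the Python standard library, so SSDEEP is left out (it needs a third-party module); the file path read under __main__ is an assumption.

```python
"""Check a local copy of Quotation.zip and the Quotation.exe it contains
against the MD5/SHA1/SHA256 values in this report.

Added example, not code from the Triage report. The file path used under
__main__ is an assumption; the inner PE is read in memory only.
"""
import hashlib
import io
import sys
import zipfile

# Digests copied from the report: container first, then the inner target.
REPORT_HASHES: dict[str, dict[str, str]] = {
    "Quotation.zip": {
        "md5": "780e2bf8806f5673c736718c4385360f",
        "sha1": "9834a14e02f6d7eed79d99b14718c61aa15766b6",
        "sha256": "5f41a3813e433c05444cc3f8b3f41e4284b3b27af7c476704bcebe170098780f",
    },
    "Quotation.exe": {
        "md5": "b637de26aa293e2d88beb31e09febd46",
        "sha1": "a800c3b4defa12246ad3d6b9e70f1aa02e2d7623",
        "sha256": "ca52caeb15fde0f171362e3e7771edecc44f2e582cccaa0fedbd6012669076d7",
    },
}


def digests(data: bytes) -> dict[str, str]:
    """Hex digests for the three report algorithms that hashlib provides."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256")}


def compare(expected: dict[str, str], data: bytes) -> dict[str, bool]:
    """Per-algorithm match result; confirm a sample only when every one is True."""
    got = digests(data)
    return {algo: got[algo] == value.lower() for algo, value in expected.items()}


def verify_archive(zip_bytes: bytes) -> dict[str, dict[str, bool]]:
    """Verify the container, then any member named Quotation.exe, all in memory."""
    results = {"Quotation.zip": compare(REPORT_HASHES["Quotation.zip"], zip_bytes)}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Compare on the base name so a member stored under a folder still matches.
            if info.filename.rsplit("/", 1)[-1].lower() == "quotation.exe":
                results["Quotation.exe"] = compare(REPORT_HASHES["Quotation.exe"],
                                                   zf.read(info))
    return results


def is_confirmed(results: dict[str, dict[str, bool]]) -> bool:
    """True only when both objects were found and every digest matched."""
    return set(results) == set(REPORT_HASHES) and all(
        all(per_algo.values()) for per_algo in results.values())


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "Quotation.zip"  # assumed location
    with open(path, "rb") as fh:
        res = verify_archive(fh.read())
    for name, per_algo in res.items():
        print(name, per_algo)
    print("sample confirmed" if is_confirmed(res) else "NOT the reported sample")
```

A mismatch on the container with a match on the inner executable is a normal outcome (the same Quotation.exe can be re-zipped many ways); a mismatch on the executable means you are not looking at the object whose config and behaviour this report describes, so the C2 and mutex above should not be assumed to apply.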
