remcos | 145f990406000a1e944fef609e608edd4f6a347d4038e880599bcc1fb6c709b7 | Triage

Submit
Reports

Overview

overview

Static

static

5

Quotation.exe

windows7-x64

1

Quotation.exe

windows10-2004-x64

Sharing

General

Target

145f990406000a1e944fef609e608edd4f6a347d4038e880599bcc1fb6c709b7.gz
Size

920KB
Sample

240403-bgkv2abb41
MD5

0f9c0e378126ff2574bf3915ddd07014
SHA1

29164c7b01fb5b05e1edda76c5dd400a94433272
SHA256

145f990406000a1e944fef609e608edd4f6a347d4038e880599bcc1fb6c709b7
SHA512

5b724245aa897b2c2ba544b4e3ed0f2aecc93a9bba3b4d45d6ad49b585864fca18a7e538c1c103346311249d7a5484ad056c591a883d521134ec0835e116d68f
SSDEEP

24576:IIp/sdA8JNZbSitOf5hte/dT9Ob2PBN3fLAU+hrObAQyXfrw:7pCA8SitOxreOELb+hSAfrw

Score

10^/10

remcos remotehost rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Quotation.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Quotation.exe

Resource

win10v2004-20240226-en

remcos remotehost rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

shgoini.com:30902

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-7XHN5V
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Quotation.exe
- Size
  
  1.4MB
- MD5
  
  b637de26aa293e2d88beb31e09febd46
- SHA1
  
  a800c3b4defa12246ad3d6b9e70f1aa02e2d7623
- SHA256
  
  ca52caeb15fde0f171362e3e7771edecc44f2e582cccaa0fedbd6012669076d7
- SHA512
  
  c2b8febd7e296aa35b003b5637f911dd17df2303677126d5da97de2341a4aec2ac1b3b2b5bd2bbdf8288d71d1027b4489fd75eb638153754bb50a4820bb8e437
- SSDEEP
  
  24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8a61SU+YLo06JKBqM02XjJxn:tTvC/MTQYxsWR7a6gU+OV6JKcM0uj
Score

10^/10

remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
- Drops startup file
- Executes dropped EXE
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

remcosremotehostrat

© 2018-2024

Terms | Privacy