remcos | 192a4af0675a942cf3ab49f8b8ac7a6508b1c09fcb90d2003611b67485201b24 | Triage

Submit
Reports

Overview

overview

Static

static

5

Quotation.exe

windows7-x64

Quotation.exe

windows10-2004-x64

1

Sharing

General

Target

Quotation.PDF.gz
Size

853KB
Sample

240403-hxmswsah93
MD5

de41dc41b64240b159c0666e531e008e
SHA1

530a54f035e0dedb974f2246ac0f7f52516691d7
SHA256

192a4af0675a942cf3ab49f8b8ac7a6508b1c09fcb90d2003611b67485201b24
SHA512

dc0da441a9a596701e7c186f1965d5cf841913d82abe01871f725062090206142018552241af7a4ac016d6439c16b78a3d7d56a06ea5c2500b48e3a1399cc3db
SSDEEP

24576:A1CuLCsUhygrmA5rY/itlCi0vJCoRSZky2KSZ:+lUhy+PciCrUt2KSZ

Score

10^/10

remcos remotehost rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Quotation.exe

Resource

win7-20240221-en

remcos remotehost rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Quotation.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

shgoini.com:30902

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-7XHN5V
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Quotation.exe
- Size
  
  1.3MB
- MD5
  
  d9b34a5d20cce6b325ee7faa90256a06
- SHA1
  
  d71e29f815151a74205b14c371333d691ba9830e
- SHA256
  
  470b539a4e4519ea56b67b517ad48a5ff794a740b39ffff1eb834b568fb77e52
- SHA512
  
  34b081577999c0cf1265489f659e246bcd228673ff55a623f72992d5e5c85f2fcb781a57f82ccad47d3c509516dd8fd745c69e2ba5f92603e766e5ab8961a612
- SSDEEP
  
  24576:iqDEvCTbMWu7rQYlBQcBiT6rprG8aMSAweUh8tsg+4yNBb:iTvC/MTQYxsWR7aMSAEG68y/
Score

10^/10

remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcosremotehostrat

behavioral2

© 2018-2024

Terms | Privacy