Overview

overview

10

Static

static

5

Quotation.exe

windows7-x64

1

Quotation.exe

windows10-2004-x64

10

Resubmissions

03-04-2024 11:36

240403-nqx8yacf21 10

03-04-2024 11:33

240403-nnxjmace81 5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotation.exe

  • Size

    1.3MB

  • Sample

    240403-nqx8yacf21

  • MD5

    d9b34a5d20cce6b325ee7faa90256a06

  • SHA1

    d71e29f815151a74205b14c371333d691ba9830e

  • SHA256

    470b539a4e4519ea56b67b517ad48a5ff794a740b39ffff1eb834b568fb77e52

  • SHA512

    34b081577999c0cf1265489f659e246bcd228673ff55a623f72992d5e5c85f2fcb781a57f82ccad47d3c509516dd8fd745c69e2ba5f92603e766e5ab8961a612

  • SSDEEP

    24576:iqDEvCTbMWu7rQYlBQcBiT6rprG8aMSAweUh8tsg+4yNBb:iTvC/MTQYxsWR7aMSAEG68y/

Score
10/10
remcosremotehostrat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

shgoini.com:30902

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-7XHN5V

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      Quotation.exe

    • Size

      1.3MB

    • MD5

      d9b34a5d20cce6b325ee7faa90256a06

    • SHA1

      d71e29f815151a74205b14c371333d691ba9830e

    • SHA256

      470b539a4e4519ea56b67b517ad48a5ff794a740b39ffff1eb834b568fb77e52

    • SHA512

      34b081577999c0cf1265489f659e246bcd228673ff55a623f72992d5e5c85f2fcb781a57f82ccad47d3c509516dd8fd745c69e2ba5f92603e766e5ab8961a612

    • SSDEEP

      24576:iqDEvCTbMWu7rQYlBQcBiT6rprG8aMSAweUh8tsg+4yNBb:iTvC/MTQYxsWR7aMSAEG68y/

    Score
    10/10
    remcosremotehostrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Drops startup file

    • Executes dropped EXE

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks