Overview

overview

10

Static

static

5

Quotation.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03042025_0828_02042025_Quotation.gz

  • Size

    838KB

  • Sample

    250403-kczcasszg1

  • MD5

    8abfb83286c1fbd082c3224b48f550ec

  • SHA1

    3172654926af46c955e56b4d2f3b846727063bda

  • SHA256

    d18b39b5ee863d8274e7e9a53b5df6300bc1b01e3d62f3fa59c6a63a79389cce

  • SHA512

    1f2fb2c8024c131a59f2913d835eebc44fbfd63ce583b16b8f0cf07cb875eed83dfe71a8c01beb3112532d24aeb4179e2077cb94e3f7f8fb4f140c5f821d02e0

  • SSDEEP

    24576:4RqB5bAha78F2s2xD0BuG3vkjamWdba4D3DgR/MF6Qj6Y:JzCg8Fpaafk9WcCUGn

Score
10/10
remcosremotehostdiscoveryrat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

196.251.86.41:2404

Attributes
  • audio_folder

    MicRecords

  • audio_path

    ApplicationPath

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-83VOGC

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      Quotation.exe

    • Size

      1.3MB

    • MD5

      e977a5a34debb3c0d149c501a79e1c26

    • SHA1

      a56bf47f641e37dc4c5cd071d8ffe93400161b75

    • SHA256

      ac0c3e2880e025ddba8da36cd191b666b9dc88b120a74c3357386ad5e766f747

    • SHA512

      570352094bd0bf801da20bb9e37034556a64d81ad2dcb20db5ee79c9bd7799833e580f55fff2afa5258f606e349f7c4713071e5846d5b1d857a7d74c622f1139

    • SSDEEP

      24576:Fu6J33O0c+JY5UZ+XC0kGso6FasxjKI1T1GpUQ7M3UF4KvcKlWY:Hu0c++OCvkGs9Fasx/1Tkpn7ME9viY

    Score
    10/10
    remcosremotehostdiscoveryrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Remcos family

      remcos

    • Drops startup file

    • Executes dropped EXE

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks