General

  • Target: 309d1ce137da38edc89f2914b546721d
  • Size: 300.0MB
  • Sample: 230201-zwymfacc22
  • MD5: 309d1ce137da38edc89f2914b546721d
  • SHA1: 2804df449ae311043b86d8cba0217ce63cf768da
  • SHA256: 8a6962a41ae31bdee6ff11f318c0d77d0709d8256145adb707b147c3b7a39671
  • SHA512: ae6185276db991f457055be7b6a91bd205bcdf12b72d7e2d4129cb9fd76324923aa8b247996731f9dfaa39fba19efc1d90c8c28c814ad5678b9f4ad339501b9c
  • SSDEEP: 12288:jHHE8OGQCuVPU5bxQBRipJjJFzeKD5bD:jHHXO7PEbxQBqJDpFD

Score
10/10

Malware Config

Extracted

  • Family: remcos
  • Botnet: BLESS
  • C2: prosperidad777.con-ip.com:7770

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: remcos.exe
  • copy_folder: Remcos
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • mouse_option: false
  • mutex: Rmc-9LORVW
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • startup_value: Remcos
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks