
General

  • Target: 0b94975f5dde6feab979853991933616.bin
  • Size: 867KB
  • Sample: 230519-bc4scaed25
  • MD5: b7d22eb8d441674b462a11aa61e46339
  • SHA1: cdd6e50f0dd680b95d8e49269b03e7e6d7581b00
  • SHA256: add8dea19a5377579ef947edfea661faea738c2b565ea031a1a85607b1e6bea1
  • SHA512: 091735ba772ebaf702cdb027a90ecc49f088a60446f3baac8b52e1aa271d891b7cea2fe73543b1fc77a5f9899004f59544aac48bc21d057db63c0260b4524fce
  • SSDEEP: 24576:5dGmQQeB4jqZUswdEg3sKLqNmQ3xezn6mSffgcR3dvF:5dGmQQe6jrdRUlx0VTcR7

Score: 10/10

Malware Config

Extracted

  • Family: remcos
  • Botnet: RemoteHost
  • C2: seanblacin.sytes.net:6110

Attributes
  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: chrcrh.exe
  • copy_folder: chrcrh
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: chrcrh
  • mouse_option: false
  • mutex: Rmc-FDI6XX
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • startup_value: chrcrh
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Target: a6bf09d8242fd2933426629a504f995a5d624d555bd2f28a49876762ec0a03a6.exe
    • Size: 1.0MB
    • MD5: 0b94975f5dde6feab979853991933616
    • SHA1: 6b15f943d7ae7e265e455026a70b2116bc7a407d
    • SHA256: a6bf09d8242fd2933426629a504f995a5d624d555bd2f28a49876762ec0a03a6
    • SHA512: 7e8a156ea625dbe2d15f76a70bd79b6a123526ee1d71450b8e16b3df069f9cf6c2d25e9ee7796d644891537ee243618ae39ede7f4e1c75a66618c9ab1e452a37
    • SSDEEP: 24576:cWRK9jeP8CWr4cBKXh83adVzgXF37tBJp:cWQ9+8Br45Xe36VS37H

    Score: 10/10

    • Remcos

      Remcos is closed-source remote-control and surveillance software.

    • Suspicious use of SetThreadContext
