
General

  • Target

    34986689526a986f09c61c45185a4581.zip

  • Size

    2.6MB

  • Sample

    230616-t2kpwafe6v

  • MD5

    ff996f986c32d873b19f92afced32a9e

  • SHA1

    21772ba670bb75d1160a482cfe09a809ffb41a56

  • SHA256

    73cb25c9129d5d9b51766e6efe54c27cfa70defbd43fa003d7b1245b449f7722

  • SHA512

    e8ff108b481362ce6779c6c393cfffa47e9195bc65fd1b076101dd8c18ce52b9c8a0b9d59ca67422ca7267b6dd177d5174ff9df259d6370a619131eb09b8ed2d

  • SSDEEP

    24576:Tw4QES7dxOA5ZJRDXkHr6fNHlWUcHYTAk+id1jRM2DLAthHBI2T:sDPDxlWt47d1lM2DLAthHm2T

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

ORO

C2

olkmnbftyujbvfd.con-ip.com:1883

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-QZT2TS

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5
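
Turning the extracted configuration above into indicators you can actually hunt with, as an added example (this code is not part of the Triage report and is not Remcos' or Hatching's own code): the C2 host and port, the mutex, and the `copy_folder`\`copy_file` and `keylog_folder`\`keylog_file` pairs are lifted verbatim from the config; the Sysmon-style events it scans are constructed for illustration. Two caveats are visible in the config itself: `install_flag`, `keylog_flag` and `screenshot_flag` are all `false`, so this build may never write `Remcos\remcos.exe` or `logs.dat` to disk, leaving the mutex and the C2 as the dependable indicators; and port 1883 is the default MQTT port, so a port-only match is noise, which is why the matcher requires the host. The path regexes assume only that the trailing `folder\file` pair is preserved, not the base directory.

```python
import re

# Values copied from the "Malware Config" section of the report above.
REMCOS_CONFIG = {
    "c2": ["olkmnbftyujbvfd.con-ip.com:1883"],
    "mutex": "Rmc-QZT2TS",
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
    "install_flag": False,   # no persistent copy expected from this build
    "keylog_flag": False,    # no logs.dat expected either
}


def build_indicators(cfg):
    """Derive matchable indicators from an extracted Remcos config."""
    c2 = []
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        c2.append((host.lower(), int(port)))

    def tail_re(folder, name):
        # Assumption: match "\<folder>\<name>" at the end of a path, because
        # the base directory (%AppData%, ProgramData, ...) varies per build.
        return re.compile(r"\\" + re.escape(folder) + r"\\" + re.escape(name) + r"$", re.I)

    return {
        "c2": c2,
        "mutex": cfg["mutex"],
        "path_res": [
            tail_re(cfg["copy_folder"], cfg["copy_file"]),
            tail_re(cfg["keylog_folder"], cfg["keylog_file"]),
        ],
    }


def match_event(ind, ev):
    """Return the reasons an event matches the indicators; [] if it does not."""
    hits = []
    kind = ev["type"]
    if kind in ("process_create", "file_create"):
        target = ev["image"] if kind == "process_create" else ev["path"]
        if any(r.search(target) for r in ind["path_res"]):
            hits.append(f"{kind}: path matches configured Remcos folder\\file")
    elif kind == "dns_query":
        if ev["query"].lower() in {h for h, _ in ind["c2"]}:
            hits.append("dns_query: lookup of configured C2 host")
    elif kind == "net_connect":
        # Port alone (1883 = MQTT default) is too weak; require the host.
        for host, port in ind["c2"]:
            if ev.get("dest_host", "").lower() == host:
                hits.append(f"net_connect: configured C2 {host}:{port}")
    elif kind == "mutex":
        if ev["name"] == ind["mutex"]:
            hits.append("mutex: Remcos mutex " + ind["mutex"])
    return hits


# Constructed telemetry, loosely modelled on Sysmon event types; not real logs.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Users\ann\AppData\Roaming\Remcos\remcos.exe"},
    {"type": "process_create", "image": r"C:\Windows\System32\notepad.exe"},
    {"type": "file_create", "path": r"C:\Users\ann\AppData\Roaming\remcos\logs.dat"},
    {"type": "dns_query", "query": "olkmnbftyujbvfd.con-ip.com"},
    {"type": "dns_query", "query": "www.microsoft.com"},
    {"type": "net_connect", "dest_host": "olkmnbftyujbvfd.con-ip.com", "dest_port": 1883},
    {"type": "net_connect", "dest_host": "broker.example", "dest_port": 1883},  # MQTT, benign
    {"type": "mutex", "name": "Rmc-QZT2TS"},
]


def scan(events, cfg=REMCOS_CONFIG):
    """Return (event index, reason) pairs for every indicator hit."""
    ind = build_indicators(cfg)
    return [(i, reason) for i, ev in enumerate(events) for reason in match_event(ind, ev)]


if __name__ == "__main__":
    for idx, reason in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```

Events 0, 2, 3, 5 and 7 of the constructed set match; the notepad process, the microsoft.com lookup and the benign MQTT connection on 1883 do not. Against real telemetry, treat the mutex and the C2 host as the primary signals for this sample and the file paths as corroboration, given the disabled install and keylog flags.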

Targets

    • Target

      34986689526a986f09c61c45185a4581

    • Size

      1024.0MB

    • MD5

      be6bc5b118e0e19f09dd4b8a98a84f46

    • SHA1

      9badc3c3f408e3031ed598d5d02f90f6fc5fb8c5

    • SHA256

      be0a17f55ad9f4dcf1e45b6fca28902ba2f821aa215d65b690b8f91cdfca8b59

    • SHA512

      757659ed1708880b7bcfcc3c18b9e7bccfc5823932558fe27f85ae69eceeaeadc49f385cf6187f29f0e3a9e8474d0b4f5683039d544c652ef636809806eb8e6f

    • SSDEEP

      24576:a/8mm44MRdxUAx7Af/8s5OdvAnVUKb0OUImZOv0iLbuN7O0bM2o9KgC9ayRtknbJ:WIB5+55Ov3cayRE

    Score
    10/10
    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks