General

  • Target

    34986689526a986f09c61c45185a4581.zip

  • Size

    2.6MB

  • Sample

    230616-t2kpwafe6v

  • MD5

    ff996f986c32d873b19f92afced32a9e

  • SHA1

    21772ba670bb75d1160a482cfe09a809ffb41a56

  • SHA256

    73cb25c9129d5d9b51766e6efe54c27cfa70defbd43fa003d7b1245b449f7722

  • SHA512

    e8ff108b481362ce6779c6c393cfffa47e9195bc65fd1b076101dd8c18ce52b9c8a0b9d59ca67422ca7267b6dd177d5174ff9df259d6370a619131eb09b8ed2d

  • SSDEEP

    24576:Tw4QES7dxOA5ZJRDXkHr6fNHlWUcHYTAk+id1jRM2DLAthHBI2T:sDPDxlWt47d1lM2DLAthHm2T

Score
10/10

Malware Config

Extracted

  • Family

    remcos

  • Botnet

    ORO

  • C2

    olkmnbftyujbvfd.con-ip.com:1883

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-QZT2TS

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      34986689526a986f09c61c45185a4581

    • Size

      1024.0MB

    • MD5

      be6bc5b118e0e19f09dd4b8a98a84f46

    • SHA1

      9badc3c3f408e3031ed598d5d02f90f6fc5fb8c5

    • SHA256

      be0a17f55ad9f4dcf1e45b6fca28902ba2f821aa215d65b690b8f91cdfca8b59

    • SHA512

      757659ed1708880b7bcfcc3c18b9e7bccfc5823932558fe27f85ae69eceeaeadc49f385cf6187f29f0e3a9e8474d0b4f5683039d544c652ef636809806eb8e6f

    • SSDEEP

      24576:a/8mm44MRdxUAx7Af/8s5OdvAnVUKb0OUImZOv0iLbuN7O0bM2o9KgC9ayRtknbJ:WIB5+55Ov3cayRE

    Score
    10/10
    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks
