Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1cd7eb198e...fd.exe

windows7-x64

10

1cd7eb198e...fd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1cd7eb198eefb598963f5f963caaf0fd.zip

  • Size

    2.6MB

  • Sample

    230711-1yn2fsah27

  • MD5

    96ecafc578b4918c3d4bab74ea335705

  • SHA1

    584b1067123a25df7c03a2ad177a213ff3dbef31

  • SHA256

    6edd2025975d404dd03d29587b323816831ae47fb71f2feef4abf090d5455af2

  • SHA512

    55ec6a2df23204f12ac2601855b3aa18c32672726d7957b007526249fb6e47565f02652e0ef00966ec654d4bdff0ea03f08cf515da71f76ca6f9c4a1891edf81

  • SSDEEP

    24576:r2l013XKeEjtI8O/4wZsScGK4ASPWZTaQHXRgd+gUG8mKE88P0Lj+ENfRT+Op:rMM3HEjJOlZ1cN4VWxTXRgdggKkG7pb

Score
10/10
remcosororat

Malware Config

Extracted

Family

remcos

Botnet

ORO

C2

anueljose.con-ip.com:1883

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-F6VG7C

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      1cd7eb198eefb598963f5f963caaf0fd

    • Size

      1024.0MB

    • MD5

      9ae018da102c2ea8f58578d25ce59df2

    • SHA1

      1b0a2c45c27f8e7405754dc699a86f9c08e7aecb

    • SHA256

      c26dcc6aa5d1658a2e3027a13b7edbec7b86aeec2214149952e91e7d01418183

    • SHA512

      c76501d2f5ef7519ecfd69751948737d66f982beae0b723ff8aa5b6071aabb77a1e7d1e253c3a44aec609a0d4861677aa4a631b35e342df0820a59263400f28d

    • SSDEEP

      24576:0GQxrRI0xlAuFbKgKhn8eSWdvAzh46vMGgY6lOPYiLbuN7O0bM2oBq02dmWx1UL5:0rIKlAuvKhnlS+d5OPvsmWxw

    Score
    10/10
    remcosororat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks