Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
RADICADO No. 881232-EF98-39823 DEMANDA FISCAL 11 DE JULIO.msg
-
Size
67KB
-
Sample
230711-tvtdfaah4y
-
MD5
19d328f7406463ea2cf9b0e478bb6ce6
-
SHA1
f25caf90236a7e92a17d7fc571ed7f3beaa5d3b2
-
SHA256
86b28c90ffb9ef1c63857df39f78dbcec1afc0e83cb972da80752f77c6d112f2
-
SHA512
3996b1da007cb92b097dbd3efe627b472eb5a27e517898b9fe6293c13ad80fe5ffdda2fecb28d33fca9210ca21145dd3460d0e7b93fea02ae5728cf37fd61155
-
SSDEEP
768:0fjVlusyvaOtMv7lnxrf1tsKhsKgsHFEO44FmwsyUz3dFd8eD5+c1N48:Q/CtMzlxrf1tJIsD7sygtFfZ1
Malware Config
Extracted
remcos
11 DE JULIO 2023
anasalgadodu921.con-ip.com:5023
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-ZIW0AC
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
RADICADO No. 881232-EF98-39823 DEMANDA FISCAL 11 DE JULIO.msg
-
Size
67KB
-
MD5
19d328f7406463ea2cf9b0e478bb6ce6
-
SHA1
f25caf90236a7e92a17d7fc571ed7f3beaa5d3b2
-
SHA256
86b28c90ffb9ef1c63857df39f78dbcec1afc0e83cb972da80752f77c6d112f2
-
SHA512
3996b1da007cb92b097dbd3efe627b472eb5a27e517898b9fe6293c13ad80fe5ffdda2fecb28d33fca9210ca21145dd3460d0e7b93fea02ae5728cf37fd61155
-
SSDEEP
768:0fjVlusyvaOtMv7lnxrf1tsKhsKgsHFEO44FmwsyUz3dFd8eD5+c1N48:Q/CtMzlxrf1tJIsD7sygtFfZ1
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-