Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

51173f4615...27.exe

windows7-x64

10

51173f4615...27.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    51173f4615fda6188760cb468b593a27.exe

  • Size

    831KB

  • Sample

    230718-pv7hvaab96

  • MD5

    51173f4615fda6188760cb468b593a27

  • SHA1

    24795a56a6d1dcd780922eb0b8879f65019849cd

  • SHA256

    dcb2c88a0e980e5d5b2227eb3ede87e3aed37ac3a1126bbc547671763a1c102e

  • SHA512

    db94eea44597fa7bc8577588a74eb8239dc9b914cc379a119ffeac6fa499e356d2c1601ffb4a594227c5a3ff24a4c6e68df8ea1a1e8718adff514937b301adba

  • SSDEEP

    24576:uVI6+51cyQkbzsqkC3ecuPRE3oravDlwYCl:uVIFj7IqkCuZRjSlwYCl

Score
10/10
remcosfavorrat

Malware Config

Extracted

Family

remcos

Botnet

Favor

C2

favor-grace-fax.home-webserver.de:37782

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    UYGV78YHj987Ys.exe

  • copy_folder

    iu7ytrtyu

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    true

  • install_flag

    false

  • keylog_crypt

    true

  • keylog_file

    0987yUIO0987yUIOiuyg.dat

  • keylog_flag

    false

  • keylog_folder

    98UyghjI9Uyhg9IUY

  • mouse_option

    false

  • mutex

    -87yhJKO987ygh-DSBOY7

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      51173f4615fda6188760cb468b593a27.exe

    • Size

      831KB

    • MD5

      51173f4615fda6188760cb468b593a27

    • SHA1

      24795a56a6d1dcd780922eb0b8879f65019849cd

    • SHA256

      dcb2c88a0e980e5d5b2227eb3ede87e3aed37ac3a1126bbc547671763a1c102e

    • SHA512

      db94eea44597fa7bc8577588a74eb8239dc9b914cc379a119ffeac6fa499e356d2c1601ffb4a594227c5a3ff24a4c6e68df8ea1a1e8718adff514937b301adba

    • SSDEEP

      24576:uVI6+51cyQkbzsqkC3ecuPRE3oravDlwYCl:uVIFj7IqkCuZRjSlwYCl

    Score
    10/10
    remcosfavorrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks