General

  • Target: Agenzia_Entrate (16).js
  • Size: 4KB
  • Sample: 231124-pez4tsbe41
  • MD5: 6ec662cb2923bc72fbbfbce78331109a
  • SHA1: fe3d25c1d4164161c4075122b6f99de415da6430
  • SHA256: 9cc94cedd85793b3be9cb808dfd7e326ba1386b0bae08fee1519c1df8ea40d26
  • SHA512: 4e6476aa0442d2533a4a44d3c0bbabc106d72e5266a4e5f5d8bbe4cf36e71506e5474e84017c8d862041927b99c2af14090fc975ec8502cfecd6844f0a441241
  • SSDEEP: 96:l8rOmAMUpSH9hDks9gUQSOv0oKzPqHz8qZ/2EsL/eekJyK:2r8MUwHHDPgUJOJzRt4LGzJyK

Score: 10/10

Malware Config

Extracted

  • Family: remcos
  • Botnet: RemoteHost
  • C2:
      listpoints.online:6090
      retghrtgwtrgtg.bounceme.net:3839
      listpoints.click:7020
      datastream.myvnc.com:5225
      gservicese.com:2718
      center.onthewifi.com:8118

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: explorer.exe
  • delete_file: false
  • hide_file: true
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • mouse_option: false
  • mutex: Rmc-BXAQVH
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
