Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

96827f1fe3...09.ps1

windows7-x64

10

96827f1fe3...09.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96827f1fe360ee7a1bd51e5059cc0809

  • Size

    1.7MB

  • Sample

    240212-hd5jlagg26

  • MD5

    96827f1fe360ee7a1bd51e5059cc0809

  • SHA1

    e73f2650c707192f627de4eae1f94dfc15249102

  • SHA256

    664366376cf61a783a4ceec1b77bcb77c23459a4314e65ac25f75c91f23a3a35

  • SHA512

    fe8df1c653123bc45d3a4fdd308844fbdb901682a815705d867568ba2b17bcd64c7fefda8d0379d79e2197beef48b24d69dd13ff60565dd9ed47b21363c84a24

  • SSDEEP

    1536:5wG7MA34KtGjNnRm9aTpYlIgayfLyhmyORtjIPxplXCZInfLwbkSOW+69VYH9g3y:5A

Score
10/10
remcosremotehostrat

Malware Config

Extracted

Family

remcos

Version

3.2.0 Pro

Botnet

RemoteHost

C2

toornavigator.sytes.net:35500

Attributes
  • audio_folder

    MicRecords

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • install_path

    %AppData%

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    logs

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    Explorer-L4H7CG

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

  • take_screenshot_title

    notepad;solitaire;

Targets

    • Target

      96827f1fe360ee7a1bd51e5059cc0809

    • Size

      1.7MB

    • MD5

      96827f1fe360ee7a1bd51e5059cc0809

    • SHA1

      e73f2650c707192f627de4eae1f94dfc15249102

    • SHA256

      664366376cf61a783a4ceec1b77bcb77c23459a4314e65ac25f75c91f23a3a35

    • SHA512

      fe8df1c653123bc45d3a4fdd308844fbdb901682a815705d867568ba2b17bcd64c7fefda8d0379d79e2197beef48b24d69dd13ff60565dd9ed47b21363c84a24

    • SSDEEP

      1536:5wG7MA34KtGjNnRm9aTpYlIgayfLyhmyORtjIPxplXCZInfLwbkSOW+69VYH9g3y:5A

    Score
    10/10
    remcosremotehostrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.