
General

  • Target

    043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d.exe

  • Size

    233KB

  • Sample

    240320-cf29csea63

  • MD5

    b0e371680c2c465a447d8cb4ad0ffa57

  • SHA1

    b622b7dfb03b70219fe047abd365fe88a4316394

  • SHA256

    043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d

  • SHA512

    b6956d170613bfae4afb1754bf9a2bdcc8ebce5a4e4c2d8052921a929969bf67f8defa8ad6f396fedf45dfd65d70e19bbe2998f49b6f16bb3167b392fb231577

  • SSDEEP

    6144:4mvl3n8iOiB4RBucKa3h80tK2gBWvADGGw6j1:tvlX8i8RB5JvADGGnj

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

chuk

C2

mexbar.duckdns.org:3119

chukwuonye.duckdns.org:3241

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-S6EIWK

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5
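The config above is only useful once it is turned into indicators, and the attribute values need reading together: install_flag, keylog_flag and screenshot_flag are all false, so copy_file, keylog_file and the screenshot folder are build defaults rather than artifacts this sample will create, while the mutex and the two duckdns.org C2 endpoints are the values to act on. The script below is an added example, not part of the Triage report or of any Remcos tooling. EXTRACTED_CONFIG is constructed from the values shown above using the report's attribute names; the base directory for the install and keylog paths is assumed to be %AppData% (the report states that base only for screenshots), DYNDNS_SUFFIXES is an assumed short list, and the sample profile path in the usage block is constructed.

```python
"""Turn the extracted Remcos config into hunt-ready indicators.

Added example, not part of the Triage report. Assumptions: the drop/keylog
base directory is %AppData%, and DYNDNS_SUFFIXES is a short, hand-picked list.
"""
import re
from typing import Any, Dict, List, Tuple

# Constructed from the report's "Malware Config" section.
EXTRACTED_CONFIG: Dict[str, Any] = {
    "family": "remcos",
    "botnet": "chuk",
    "c2": ["mexbar.duckdns.org:3119", "chukwuonye.duckdns.org:3241"],
    "mutex": "Rmc-S6EIWK",
    "install_flag": False,
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "keylog_flag": False,
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
    "screenshot_flag": False,
    "screenshot_path": "%AppData%",
    "screenshot_folder": "Screenshots",
    "mouse_option": False,
    "take_screenshot_option": False,
}

# Feature switches whose value decides whether a host artifact will exist at all.
FEATURE_FLAGS = ("install_flag", "keylog_flag", "screenshot_flag",
                 "mouse_option", "take_screenshot_option")

# Assumed list of dynamic-DNS suffixes commonly used for RAT C2.
DYNDNS_SUFFIXES = (".duckdns.org", ".no-ip.org", ".ddns.net", ".hopto.org")


def parse_c2(entry: str) -> Tuple[str, int]:
    """Split a 'host:port' C2 entry, rejecting anything malformed."""
    host, sep, port = entry.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range in C2 entry: {entry!r}")
    return host, port_num


def is_dynamic_dns(host: str) -> bool:
    """True when the host sits under one of the assumed dynamic-DNS suffixes."""
    h = host.lower()
    return any(h.endswith(suffix) for suffix in DYNDNS_SUFFIXES)


def network_indicators(cfg: Dict[str, Any]) -> List[Dict[str, Any]]:
    """One record per C2 endpoint; dynamic-DNS hosts re-point freely, so block the name, not the IP."""
    records = []
    for entry in cfg["c2"]:
        host, port = parse_c2(entry)
        records.append({"host": host, "port": port, "dynamic_dns": is_dynamic_dns(host)})
    return records


def expand_windows_env(path: str, env: Dict[str, str]) -> str:
    """Expand %VAR% tokens case-insensitively, as Windows does; unknown tokens are left as-is."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def enabled_capabilities(cfg: Dict[str, Any]) -> List[str]:
    """Names of the feature flags switched on in this build (empty for the sample above)."""
    return [flag for flag in FEATURE_FLAGS if cfg.get(flag, False)]


def host_indicators(cfg: Dict[str, Any], env: Dict[str, str]) -> Dict[str, str]:
    """Host artifacts worth hunting for. Flag-gated paths are emitted only when their flag is on;
    copy_file/keylog_file are defaults that mean nothing while install_flag/keylog_flag are false."""
    base = expand_windows_env("%AppData%", env)  # assumption: Remcos drops under %AppData%
    artifacts = {"mutex": cfg["mutex"]}  # the mutex name is not gated by any feature flag
    if cfg["install_flag"]:
        artifacts["install_path"] = "\\".join([base, cfg["copy_folder"], cfg["copy_file"]])
    if cfg["keylog_flag"]:
        artifacts["keylog_path"] = "\\".join([base, cfg["keylog_folder"], cfg["keylog_file"]])
    if cfg["screenshot_flag"]:
        artifacts["screenshot_dir"] = "\\".join(
            [expand_windows_env(cfg["screenshot_path"], env), cfg["screenshot_folder"]])
    return artifacts


if __name__ == "__main__":
    sample_env = {"appdata": r"C:\Users\victim\AppData\Roaming"}  # constructed profile path
    print(network_indicators(EXTRACTED_CONFIG))
    print(enabled_capabilities(EXTRACTED_CONFIG))
    print(host_indicators(EXTRACTED_CONFIG, sample_env))
```

For this sample host_indicators returns only the mutex, which is the point: a hunt for logs.dat or a Remcos folder under AppData would come back empty on a host running this build, while the mutex name and the two C2 names are stable. Flipping install_flag or keylog_flag in a copy of the config shows the paths that would then appear.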

Targets

    • Target

      043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d.exe

    • Size

      233KB

    • MD5

      b0e371680c2c465a447d8cb4ad0ffa57

    • SHA1

      b622b7dfb03b70219fe047abd365fe88a4316394

    • SHA256

      043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d

    • SHA512

      b6956d170613bfae4afb1754bf9a2bdcc8ebce5a4e4c2d8052921a929969bf67f8defa8ad6f396fedf45dfd65d70e19bbe2998f49b6f16bb3167b392fb231577

    • SSDEEP

      6144:4mvl3n8iOiB4RBucKa3h80tK2gBWvADGGw6j1:tvlX8i8RB5JvADGGnj

    Score
    10/10
    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
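A static check for the packing signature above can be done from the PE header alone. The following is an added example, not the rule Triage applied to this sample: it parses the section table and looks for the three cheapest UPX tells, UPX* section names, the "UPX!" packer magic, and a first section with no raw data but a large virtual size (the region the stub decompresses into), the last of which survives the section renaming that "modified UPX" builds do. build_minimal_pe constructs header-only images so the checks can be exercised offline; those images are not real executables, and the rest of the names here are the example's own. Recovering the payload, as the "UPX dump on OEP" signature above implies, still needs the sample run or statically unpacked, which this does not do.

```python
"""Header-level UPX packing heuristics for a PE file.

Added example, not Triage's rule. Heuristic only: other packers also leave
an empty first section, so treat a hit as a reason to unpack, not a verdict.
"""
import struct
from typing import Dict, List, Tuple

Section = Tuple[str, int, int]  # (name, VirtualSize, SizeOfRawData)


def pe_sections(data: bytes) -> List[Section]:
    """Parse the section table of a PE image into (name, VirtualSize, SizeOfRawData) tuples."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    if len(data) < coff + 20:
        raise ValueError("truncated COFF header")
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_of_optional
    if len(data) < table + 40 * num_sections:
        raise ValueError("truncated section table")
    sections: List[Section] = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> Dict[str, object]:
    """Each UPX tell separately, so an analyst can see which one fired."""
    sections = pe_sections(data)
    first = sections[0] if sections else None
    return {
        "upx_section_names": [s[0] for s in sections if s[0].upper().startswith("UPX")],
        "upx_magic": b"UPX!" in data,
        # UPX0 is reserved as decompression space: no bytes on disk, large footprint in memory.
        "empty_first_section": bool(first and first[2] == 0 and first[1] > 0),
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_section_names"]) or bool(ind["upx_magic"]) or bool(ind["empty_first_section"])


def build_minimal_pe(sections: List[Section], trailer: bytes = b"") -> bytes:
    """Constructed header-only PE32 image: DOS header, COFF header, zeroed optional header,
    section table, optional trailing bytes. Enough for the checks above; not loadable."""
    e_lfanew = 0x40
    size_of_optional = 0xE0  # PE32 optional header size
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_of_optional, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (size_of_optional - 2)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), vsize, 0x1000 * (i + 1), rsize,
                    0x400, 0, 0, 0, 0, 0xE0000040)
        for i, (name, vsize, rsize) in enumerate(sections))
    return dos + b"PE\0\0" + coff + optional + table + trailer


if __name__ == "__main__":
    # Constructed layouts: stock UPX, UPX with renamed sections, and an unpacked binary.
    stock = build_minimal_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7A00), (".rsrc", 0x1000, 0x800)], b"UPX!")
    renamed = build_minimal_pe([(".text", 0x20000, 0), (".data", 0x8000, 0x7A00)])
    clean = build_minimal_pe([(".text", 0x1000, 0x1000), (".data", 0x200, 0x200)])
    for label, image in (("stock", stock), ("renamed", renamed), ("clean", clean)):
        print(label, looks_upx_packed(image), upx_indicators(image))
```

Run against a real file with `looks_upx_packed(open(path, "rb").read())`. On a "modified UPX" build only the empty-first-section tell tends to remain, which is why the indicators are returned separately rather than collapsed into one boolean.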

MITRE ATT&CK Matrix

Tasks