Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

38d45a0e0f...7f.exe

windows7-x64

10

38d45a0e0f...7f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4964e7f096d6b3fb575040c01238d88aa01204abd4411c9515b500299b40b830

  • Size

    905KB

  • Sample

    240417-q5cxnaca3z

  • MD5

    46ae2f3ece45f1776e1f55552f925ed5

  • SHA1

    b6820b2ced1c48909f846f697a10678ec9baf2c1

  • SHA256

    4964e7f096d6b3fb575040c01238d88aa01204abd4411c9515b500299b40b830

  • SHA512

    cb228fa7e979affc3ac33c8bb575a4915c9c7d93b72005a4dfd17958d9e7160c7d79eb744aedbeefb105bfaa87c62b25dc4b538ce4b8c6466e05d2be98762b05

  • SSDEEP

    12288:Re4tvAVvpTg2g35N1SLKBpOWrUGWM51+xZDFAqSA907cwWiiYKensyNS5c+J/5ba:RjvAFy/Z3XrUVq2LDeowZN+Nxa

Score
10/10
remcosjohn smithrat

Malware Config

Extracted

Family

remcos

Botnet

JOHN SMITH

C2

192.210.201.57:62289

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-GIZGNL

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      38d45a0e0f376be174d788c93424ef4724daad94ce4139beba1868a36d8ad47f.exe

    • Size

      997KB

    • MD5

      ccc056c533979eacb9089e27c5b24518

    • SHA1

      d85d5e3540711d86bcd798f74b6fd68deb100a8e

    • SHA256

      38d45a0e0f376be174d788c93424ef4724daad94ce4139beba1868a36d8ad47f

    • SHA512

      e2c8181bbddf2f7e391d391e0e253beb0472950ef58e371a699b4b24f471c287f14146530bd45e79e0f6d78eada493c522e7e1c55eb207ef5c1735eca249cae2

    • SSDEEP

      24576:9aj8qIR12+0LufeamU7DoLyo5yViQkZmSXwVtJ:RkLUnno5xQkQTV

    Score
    10/10
    remcosjohn smithrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks