Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

729038a854...3a.exe

windows7-x64

3

729038a854...3a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    33b93022b2151a6acfd85b4c1530bf9810370114fd1f16224ed7bd5e87992cec

  • Size

    10KB

  • Sample

    240419-t82xqshe56

  • MD5

    c14419b0a65d3d95f6c0bbdfd644dd13

  • SHA1

    f088159c9a34ad08967fb762dc0e580bfca6c42c

  • SHA256

    33b93022b2151a6acfd85b4c1530bf9810370114fd1f16224ed7bd5e87992cec

  • SHA512

    a7ad6f51a7811c5b3b88072bd0ed5c7ae042bf8521f58f35957c632f6460ccec107b16dae192c17cc1ef95c4096dc4f0540acc07b41d0e1a52d3f6f99fe58336

  • SSDEEP

    192:CQXOjl0ISYzEFbujz2z9BqOQwpyl/jV9lHDMUDWNIV5cCVGibtbfOgV:CQXOjGbuj6ZwrFLXljBiNIVJGibtaw

Score
10/10
remcosawopersistencerat

Malware Config

Extracted

Family

remcos

Botnet

awo

C2

103.67.196.125:4505

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-IXY4DW

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      729038a854a7fdd96dc12d7617b353b0b732afa745d292ce0aff5581718f633a.exe

    • Size

      24KB

    • MD5

      fab8548874584d852c528aa322d3b028

    • SHA1

      4a9ea79bbdcaacb00e49d3cd46f3f16834e63800

    • SHA256

      729038a854a7fdd96dc12d7617b353b0b732afa745d292ce0aff5581718f633a

    • SHA512

      b43e73baf6d93f4e3d8c685bb354e53fb6edf8b6c1d79e8b1d7ccb488298c88289443c9313612515918fa9062f9a4bddbf74c0b1768b6dfe6b76d0628f831cd0

    • SSDEEP

      384:Yek4gJeT99HsJhy2zQEmde4CnQhczvVp3d3uE6jLhnOl4D/CSWMlSqeTo2hZlw:lk0T9NsJhy2zQEmde4CQhczvVp3d3u3R

    Score
    10/10
    remcosawopersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks