Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

3.exe

windows7-x64

1

3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3.exe

  • Size

    1.2MB

  • Sample

    240705-mczdeawfpr

  • MD5

    e5b5f2acaac765e2a1f16de186a311c4

  • SHA1

    ccd6b160bf08351066de9b2514485fc831c5a99d

  • SHA256

    c09eb8a1ab2aefadcbe898040b91f19035a69f38c3c4e5bde1c8aa11da2c9589

  • SHA512

    fe7e5ffff19d5e8ae5465841c106f9f379019bf5779857120d59acddc1f3d22b4f75e1be5fdf585e85c76f19d5248168056eeb1e113d634dd3f2ff62fc4f8b95

  • SSDEEP

    24576:xAHnh+eWsN3skA4RV1Hom2KXMmHa3xWgTaqeZHLJWHC6JBnX5:Ih+ZkldoPK8Ya3s02Z1WHCOBp

Score
10/10
remcoswdptrrat

Malware Config

Extracted

Family

remcos

Botnet

WDPTR

C2

www.dpm-sael.com:2017

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    WDKGB-9QV8JL

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      3.exe

    • Size

      1.2MB

    • MD5

      e5b5f2acaac765e2a1f16de186a311c4

    • SHA1

      ccd6b160bf08351066de9b2514485fc831c5a99d

    • SHA256

      c09eb8a1ab2aefadcbe898040b91f19035a69f38c3c4e5bde1c8aa11da2c9589

    • SHA512

      fe7e5ffff19d5e8ae5465841c106f9f379019bf5779857120d59acddc1f3d22b4f75e1be5fdf585e85c76f19d5248168056eeb1e113d634dd3f2ff62fc4f8b95

    • SSDEEP

      24576:xAHnh+eWsN3skA4RV1Hom2KXMmHa3xWgTaqeZHLJWHC6JBnX5:Ih+ZkldoPK8Ya3s02Z1WHCOBp

    Score
    10/10
    remcoswdptrrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks