General

  • Target

    5868bd786a53297dfb2265f5f00d55cdc21ab25aa803acd288a39d59507d25ef

  • Size

    1017KB

  • Sample

    240902-k27pzawhqm

  • MD5

    b61864f46e2dd1aa7a629eb85f08be33

  • SHA1

    99048df6b97319f0d6293309b71d1ffafc8bf269

  • SHA256

    5868bd786a53297dfb2265f5f00d55cdc21ab25aa803acd288a39d59507d25ef

  • SHA512

    5a6607351724208aed4bbcd38d0114723131e331c1d50c4b43cb749628e836634d9c7d4b5e82d1261e6518723236d6bf91ddf32ab49af606b2d43878e55b4e8e

  • SSDEEP

    24576:U4OR7Cs7VTj7e9pb1icG+hiNT4TrAgPdiRFcpFUQ:471yb1IxsA4d0yFp

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

127.0.0.1:2404

67.207.161.204:2404

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-ZA03K9

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Detected NirSoft tools

      Free utilities often used by attackers to steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
