General

  • Target

    d30e71d321786a1cda09b0c75d408a8541b6167b6753de08f46504d90d2af129.msi

  • Size

    4.0MB

  • Sample

    240928-gd1pzasclg

  • MD5

    bce2b57d15105b59a838eb1bd12aa7ee

  • SHA1

    81d4e952363ec181cd06007fbbd5a8b83cce51cf

  • SHA256

    d30e71d321786a1cda09b0c75d408a8541b6167b6753de08f46504d90d2af129

  • SHA512

    4fd8dee6ca059a1174ceed13d86843c03150424ff06305e5d35fac0e3a66a28e477fe19a138c2526ad87ccadb9251d68ebbf6d024e053959dee698a8140b499a

  • SSDEEP

    98304:xptfJOkKJqbdkE3GCIA/DCSlT/IZY//xEYQvjGkvUco5B1:151xkE3G8XIKB27dMco5

Malware Config

Extracted

Family

remcos

Botnet

BACKUP_PIP

C2

heavytank21gh.com:4422

Attributes

  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    info.dat

  • keylog_flag

    false

  • keylog_folder

    tmpdata

  • mouse_option

    false

  • mutex

    aujifbh8123-1M56R1

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      d30e71d321786a1cda09b0c75d408a8541b6167b6753de08f46504d90d2af129.msi

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
