Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

pago.bcp.pdf.exe

windows7-x64

3

pago.bcp.pdf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    092d49631de2e9d2eee8cdc2f2593626477db3b91244a690dce55f919f3b40e2

  • Size

    539KB

  • Sample

    241004-v2zpga1dma

  • MD5

    4b17b79766dcfa36386d2566703b2e87

  • SHA1

    dff9934cfc396e08161f87f627000c5eb098b203

  • SHA256

    092d49631de2e9d2eee8cdc2f2593626477db3b91244a690dce55f919f3b40e2

  • SHA512

    85059bff973eb3e3d96abac33b70430d4daafef0687507af087bb4b405ef606e13a9b9b7e20fe76181e59b3454c110cbdacd9a9454d82954407163b7d9888b97

  • SSDEEP

    12288:EFLtsbqo8cp6E/QOFiB4ZQvBa+IWLy433gNCcAgd7Kt/3Nr:EDusEFFiB4mklWO83cCcXlc/3Nr

Score
10/10
remcosremotehostdiscoverypersistencerat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

212.162.149.42:7118

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-YP127Q

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      pago.bcp.pdf.exe

    • Size

      1.4MB

    • MD5

      092beeec1cfbe99c40299d954bacc8da

    • SHA1

      55d56f40c256fa3eab78e3a58d5584894393e673

    • SHA256

      a0805b60c79c0edd1b7acee3ab9dc807e1c065c4c2575bceefe0ccf7f6524471

    • SHA512

      0515b42cf01c247f4096fd50df8c4f28c61bd378b7ebf11c02aca9fad0cca34c7f48eca5f1ecd3641be17e89d08b71569ee52934313c1b86b8f3280e985a0814

    • SSDEEP

      24576:KSEM0TpgTCUTJEjSE80TtgTHUTRrL63LYi+t/eW5934XskzuoUuOxtHmURi3AEFV:XkRcskzUuytHmz3AE

    Score
    10/10
    discoveryremcosremotehostpersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.