
General

  • Target: ggsploit.zip
  • Size: 309KB
  • Sample: 241006-kcbw1awdml
  • MD5: 37370dccbd95f63e49593a17cb3929aa
  • SHA1: 1a4d8f94634753440fb570eb20e259f57cbb7308
  • SHA256: 7579c4ce51e780841d1a2dd2c83e3dde93441a84a488316dbd19d1e3a0cf03c4
  • SHA512: 6e7b231237a70f6c57e4135b2be32432c83ac74b1de5de77c2b85f806c0060889a99b9cda8cd32c374a02a092ea77af143feed21614644eea8548c4ac817f01c
  • SSDEEP: 6144:gIw5OkChoEFViKBpHL2tJMDBvOSuC+ULfkZ4bbrOK2sVW5KquT2ofj:gXs4GprSGVuChL8c/OK2sVW5vU

Malware Config

Extracted

Family: discordrat

Attributes
  • discord_token: MTI5MDc3NzUxNTM1NDIyNjY5OQ.GRewL1.rZmEWtyFw1xziPUaWh2BVUvRwh05H7FaxQvvbM
  • server_id: 1290772191046139915

Extracted

Family: remcos

Version: 5.1.3 Light

Botnet: ggsploit V1.2.2

C2: 127.0.0.1:4444

Attributes
  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: remcos.exe
  • copy_folder: Remcos
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • mouse_option: false
  • mutex: Rmc-IY8ZNV
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Target: ggsploit V1.2.4.exe
    • Size: 78KB
    • MD5: 63f4d849f06b2d5299132c7a49d9951d
    • SHA1: 39d400642e22b0b13044a92c52895d879b7130d1
    • SHA256: ce1fcacce7353155439f4064d90b2c6996be833666a6fc8cb58fcc9874aaa204
    • SHA512: 63f2ac4eda24973c3a003d30c93debe132be8f357fb1089f5169bd4ef54a0bef7c1794be8f83f4c60f0eb34df797c909f05e692987bd4c7682270d558f69375e
    • SSDEEP: 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+LPIC:5Zv5PDwbjNrmAE+jIC

    • Target: unins000.exe
    • Size: 430KB
    • MD5: f07c34de89f91cdf9379f051a1135c7c
    • SHA1: a161b99283640266188c3b66b864555d0f91a5f3
    • SHA256: 69a5b8d0c2b1f72db5f4afdb29926b1d919225f46c2b6f3022a556ac136c3a6e
    • SHA512: ab83d283974c59ac2c3aced51a536f41b253b62272a11bb1782f3a47beda800f1230b8d376d8366d72db75cb37482cf9aef6a4fa7e4acd18fe445f4e1cfc9064
    • SSDEEP: 6144:svRscHtVzjwIRFzJZ2p26+jFWXYnj9iT2ebvXmUcCqkmAO2rjXH7ycDt3:svRs4OIm2hWX4U2ebvRUAr7773

    Score: 3/10

MITRE ATT&CK Enterprise v15
