Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

OFICIO 002...24.exe

windows7-x64

10

OFICIO 002...24.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b39b7a119f7701a60aa8a9f540b37f6d.tar

  • Size

    1.8MB

  • Sample

    241009-2dwfgazena

  • MD5

    b39b7a119f7701a60aa8a9f540b37f6d

  • SHA1

    ff417a84ae0457c71205531b7b229efcb45fffbd

  • SHA256

    c73c1395d9585ff79d683d069a6803006bcff169937bd2e6687fac3284d314ec

  • SHA512

    1681476a90d440719e5f27f2766a746bd97020d8b3e9b6428e0fd9555320023a4344ae2975178df220fc25584bf7a25f01dc263c0d0138850b34e6480c698510

  • SSDEEP

    49152:yblowQyXLkkDv9NUr0216ZR5hBSISZg/72GKLR:ySKXLkk4w21AR5hBUZg/qVR

Score
10/10
remcosoctudiscoverypersistencerat

Malware Config

Extracted

Family

remcos

Botnet

OCTU

C2

segurosbolivar24.con-ip.com:2006

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    registros.dat

  • keylog_flag

    false

  • keylog_folder

    regist

  • mouse_option

    false

  • mutex

    ljnghvfghujkvgnasftnz-X8YJ1F

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Capturas de pantalla

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      OFICIO 002394939249 TESORERIA No. 0399498-002024.exe

    • Size

      4.9MB

    • MD5

      cbdd93c0f2fdc3549188bad11af2cbb6

    • SHA1

      bb8023707452a17e8236cae8d2e7a11cc0ec8c1d

    • SHA256

      8aa24e0acffe7459f0662e8f3852fc34ed65a6e05cd468bdbc4c7a30c480a169

    • SHA512

      8cfcdee2366f3d7e276070e7a353346600f58da66c4dbe940a8db58a5b1b6c1bea91fac7fd6a99b8db7a9e3bc09f2b491807e2af91b1aba6b16631a15f41a919

    • SSDEEP

      49152:GSq2zkGQxfkScRd2j4309+eZypv0rMHul1gUuu9blTeYbkqFTckW4lLFQoMHMZKB:GStzEx9xypvogUuuhkYbkqFWCMojwH

    Score
    10/10
    remcosoctudiscoverypersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks