Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

f389839a62...e7.exe

windows7-x64

10

f389839a62...e7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/11/2024, 18:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe

  • Size

    971KB

  • MD5

    e83f4f4d3264f7f94ba49c93a110e0de

  • SHA1

    373d0deb8e94fc157a5815de5bf32d44a38da74f

  • SHA256

    f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7

  • SHA512

    65934c2152fb2caa5099b1f8114c46066bde0af98e23996d58b2015a5120a16a3cf9b766ece96b051785c73a31b2fec6e321a2690aa40796ce711910ad09cedc

  • SSDEEP

    24576:8eXJasfN3LrXZerh5r5R0hpoaxY+G9L4oZV:8cfN3LrQfr5Rupo5CoZV

Score
10/10
remcosremotehostdiscoveryrat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

yabobo.duckdns.org:6847

Attributes
  • audio_folder

    MicRecords

  • audio_path

    ApplicationPath

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-0VPBW5

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos
  • Remcos family
    remcos
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
    "C:\Users\Admin\AppData\Local\Temp\f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1364
    • C:\Users\Admin\AppData\Local\Temp\f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
      "C:\Users\Admin\AppData\Local\Temp\f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe"
      2⤵
        PID:4968
      • C:\Users\Admin\AppData\Local\Temp\f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        "C:\Users\Admin\AppData\Local\Temp\f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe"
        2⤵
          PID:3844
        • C:\Users\Admin\AppData\Local\Temp\f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
          "C:\Users\Admin\AppData\Local\Temp\f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe"
          2⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          PID:2260

      Network

      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dnsgoogle
      • flag-us
        DNS
        58.55.71.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        58.55.71.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        134.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        134.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        yabobo.duckdns.org
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        Remote address:
        8.8.8.8:53
        Request
        yabobo.duckdns.org
        IN A
        Response
        yabobo.duckdns.org
        IN A
        192.169.69.26
      • flag-us
        DNS
        26.69.169.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.69.169.192.in-addr.arpa
        IN PTR
        Response
        26.69.169.192.in-addr.arpa
        IN PTR
        sinkholehyascom
      • flag-us
        DNS
        56.163.245.4.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.163.245.4.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        82.190.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        82.190.18.2.in-addr.arpa
        IN PTR
        Response
        82.190.18.2.in-addr.arpa
        IN PTR
        a2-18-190-82deploystaticakamaitechnologiescom
      • flag-us
        DNS
        172.214.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.214.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        yabobo.duckdns.org
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        Remote address:
        8.8.8.8:53
        Request
        yabobo.duckdns.org
        IN A
        Response
        yabobo.duckdns.org
        IN A
        192.169.69.26
      • flag-us
        DNS
        yabobo.duckdns.org
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        Remote address:
        8.8.8.8:53
        Request
        yabobo.duckdns.org
        IN A
        Response
        yabobo.duckdns.org
        IN A
        192.169.69.26
      • flag-us
        DNS
        48.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        48.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        yabobo.duckdns.org
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        Remote address:
        8.8.8.8:53
        Request
        yabobo.duckdns.org
        IN A
        Response
        yabobo.duckdns.org
        IN A
        192.169.69.26
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        yabobo.duckdns.org
        tls
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        304 B
         88 B
         3
        2
      • 192.169.69.26:6847
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        66 B
         90 B
         1
        1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        58.55.71.13.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        58.55.71.13.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        134.32.126.40.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        134.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        yabobo.duckdns.org
        dns
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        64 B
         80 B
         1
        1

        DNS Request

        yabobo.duckdns.org

        DNS Response

        192.169.69.26

      • 8.8.8.8:53
        26.69.169.192.in-addr.arpa
        dns
        72 B
         103 B
         1
        1

        DNS Request

        26.69.169.192.in-addr.arpa

      • 8.8.8.8:53
        56.163.245.4.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        56.163.245.4.in-addr.arpa

      • 8.8.8.8:53
        18.31.95.13.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        18.31.95.13.in-addr.arpa

      • 8.8.8.8:53
        82.190.18.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        82.190.18.2.in-addr.arpa

      • 8.8.8.8:53
        172.214.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.214.232.199.in-addr.arpa

      • 8.8.8.8:53
        yabobo.duckdns.org
        dns
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        64 B
         80 B
         1
        1

        DNS Request

        yabobo.duckdns.org

        DNS Response

        192.169.69.26

      • 8.8.8.8:53
        yabobo.duckdns.org
        dns
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        64 B
         80 B
         1
        1

        DNS Request

        yabobo.duckdns.org

        DNS Response

        192.169.69.26

      • 8.8.8.8:53
        48.229.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        48.229.111.52.in-addr.arpa

      • 8.8.8.8:53
        yabobo.duckdns.org
        dns
        f389839a6216aea670545a89697ce85cc3a8c170961804cea96525c5ed1cb6e7.exe
        64 B
         80 B
         1
        1

        DNS Request

        yabobo.duckdns.org

        DNS Response

        192.169.69.26

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\remcos\logs.dat
        Filesize

        144B

        MD5

        2ecc0106b72d76b16b8655ca65a42cc4

        SHA1

        80d7e10545ac65c181b6c2f7670e4cbe0aaee1cb

        SHA256

        6b5ecf964d9cc5a0f17d49e479d0c1264956616463f73311961d60c9c155aa18

        SHA512

        a4dd099fab9b45f8a74dda7177990bed093e28c3fec31e0aba62e1a89aac22574a549cd82c976f66db730dcda51dbc49b4ed0334eae3f44ecf2035d808f31ef0

        Download Submit

      • memory/1364-0-0x000000007481E000-0x000000007481F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1364-1-0x0000000000DD0000-0x0000000000ECA000-memory.dmp

        Filesize

        1000KB

        Download

      • memory/1364-2-0x0000000005E40000-0x00000000063E4000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/1364-3-0x0000000005930000-0x00000000059C2000-memory.dmp

        Filesize

        584KB

        Download

      • memory/1364-4-0x0000000074810000-0x0000000074FC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/1364-5-0x00000000058C0000-0x00000000058CA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/1364-6-0x0000000005BC0000-0x0000000005C5C000-memory.dmp

        Filesize

        624KB

        Download

      • memory/1364-7-0x0000000005D80000-0x0000000005D9C000-memory.dmp

        Filesize

        112KB

        Download

      • memory/1364-8-0x000000007481E000-0x000000007481F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1364-9-0x0000000074810000-0x0000000074FC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/1364-10-0x0000000006CF0000-0x0000000006DB4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/1364-20-0x0000000074810000-0x0000000074FC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2260-11-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-12-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-14-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-19-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-18-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-15-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-21-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-22-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-23-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-24-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-25-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-26-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-27-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-29-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-30-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-31-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-32-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-33-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-34-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-35-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-37-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-38-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-39-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-40-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-41-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-42-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-44-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-45-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-46-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-47-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-48-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-49-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-50-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-52-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-53-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-54-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-55-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-56-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-57-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-58-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-60-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-61-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-62-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-63-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-64-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-65-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-67-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-68-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-69-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-70-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-71-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-72-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-73-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-75-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-76-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-77-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-78-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-79-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-80-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-81-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-83-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-84-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/2260-85-0x0000000000400000-0x000000000047F000-memory.dmp

        Filesize

        508KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.