Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

SecuriteIn...48.exe

windows7_x64

8

SecuriteIn...48.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.BScope.Backdoor.Remcos.948

  • Size

    546KB

  • Sample

    200709-zfbl9kvb36

  • MD5

    e7ec2585b8fd04839c9d29fbaf35b6fc

  • SHA1

    c0b524bf9180fc3dbae0e8c72b96fd8c0ddf6e02

  • SHA256

    8afd54f2ed0af6d9593b0985cec1604748ca753900859fe4ee225d21b574e55e

  • SHA512

    c2ece5ab56dd7637b794e49cd5c0df9413ebd64ec2edf3443184d55e2330ee4450eee23f6d7469196e11ea7b1a5401e8ce935529f1c0cce4483c405f74438259

Score
8/10
evasionpersistencespywaretrojan

Malware Config

Targets

    • Target

      SecuriteInfo.com.BScope.Backdoor.Remcos.948

    • Size

      546KB

    • MD5

      e7ec2585b8fd04839c9d29fbaf35b6fc

    • SHA1

      c0b524bf9180fc3dbae0e8c72b96fd8c0ddf6e02

    • SHA256

      8afd54f2ed0af6d9593b0985cec1604748ca753900859fe4ee225d21b574e55e

    • SHA512

      c2ece5ab56dd7637b794e49cd5c0df9413ebd64ec2edf3443184d55e2330ee4450eee23f6d7469196e11ea7b1a5401e8ce935529f1c0cce4483c405f74438259

    Score
    8/10
    persistencespywareevasiontrojan

    • Adds Run entry to policy start application

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks