Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1232-67-0x0000000000400000-0x0000000000488000-memory.dmp
-
Size
544KB
-
Sample
221102-m4felscadp
-
MD5
2409221ec1bd1980965f56d1dc0be667
-
SHA1
714af6bc8c35fcba3a8800395bd6be7320752269
-
SHA256
68524c929875e30fb8d68fbd38ad48d6adb6895ce3cbf183d0ff29281d82eaa4
-
SHA512
9401087716bec2451a23604ff395656243d565436d202c256ae9d5c4eca77c7f5ebd9f7001addb165e1ceb030631f76a14af72fe927a86d3701a8c3a2d4a3a30
-
SSDEEP
6144:xAg4RVDZlHx5k7iLZnaSguI2IiRL/SISjw8nHW4EkR2K3g9ZsAOZZQmXsg7jg:xmnk7iLJbpIpiRL6I2W4EtKQ9ZsfZQc
Malware Config
Extracted
remcos
RemoteHostStar
41.216.183.226:41900
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-0OUDX5
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
1232-67-0x0000000000400000-0x0000000000488000-memory.dmp
-
Size
544KB
-
MD5
2409221ec1bd1980965f56d1dc0be667
-
SHA1
714af6bc8c35fcba3a8800395bd6be7320752269
-
SHA256
68524c929875e30fb8d68fbd38ad48d6adb6895ce3cbf183d0ff29281d82eaa4
-
SHA512
9401087716bec2451a23604ff395656243d565436d202c256ae9d5c4eca77c7f5ebd9f7001addb165e1ceb030631f76a14af72fe927a86d3701a8c3a2d4a3a30
-
SSDEEP
6144:xAg4RVDZlHx5k7iLZnaSguI2IiRL/SISjw8nHW4EkR2K3g9ZsAOZZQmXsg7jg:xmnk7iLJbpIpiRL6I2W4EtKQ9ZsfZQc
Score1/10 -