General
-
Target
RemoteQS.exe
-
Size
2.9MB
-
Sample
230313-vehgnsbc66
-
MD5
ab991fc6237c290ae7fbe0bdc9dae256
-
SHA1
a9f7c0bad80c5dd1f3217c92de233c4898d6e6f5
-
SHA256
6dac8dd36658248036a691dd776a472994b950f5ddc7eea26559f2fff919cf53
-
SHA512
a6a4d8113fbee7cf8e65efffe435abf1d76f698c5f557319a2831e64ea91ee482c17a44a198f33a55005551e95ea8d598f9ce088088db12ee0a621d4f6748ddd
-
SSDEEP
49152:uEN6oZDhMcToUcHx0ZrKSrseqPs4OB8ecNifpf0a7YPb/lIKftzDKtj36Z:1NjDhMOoUcHSr2s4OB+Mt0BT/lIKftIM
Behavioral task
behavioral1
Sample
RemoteQS.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
RemoteQS.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-