General

  • Target

    RemoteQS.exe

  • Size

    2.9MB

  • Sample

    230313-vehgnsbc66

  • MD5

    ab991fc6237c290ae7fbe0bdc9dae256

  • SHA1

    a9f7c0bad80c5dd1f3217c92de233c4898d6e6f5

  • SHA256

    6dac8dd36658248036a691dd776a472994b950f5ddc7eea26559f2fff919cf53

  • SHA512

    a6a4d8113fbee7cf8e65efffe435abf1d76f698c5f557319a2831e64ea91ee482c17a44a198f33a55005551e95ea8d598f9ce088088db12ee0a621d4f6748ddd

  • SSDEEP

    49152:uEN6oZDhMcToUcHx0ZrKSrseqPs4OB8ecNifpf0a7YPb/lIKftzDKtj36Z:1NjDhMOoUcHSr2s4OB+Mt0BT/lIKftIM

Score
7/10

Targets

    • Target

      RemoteQS.exe

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
