Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
516-74-0x0000000000400000-0x0000000000421000-memory.dmp
-
Size
132KB
-
Sample
230318-wnlfcsdb93
-
MD5
3a93b41942357669081bdf77ae0bcffc
-
SHA1
d90c38c3791c8a92a759149f203f4892876f4e1e
-
SHA256
fbe2bbce0762f38db4a4e4ee9cb478dd88254c0063153a44b49cf5136348876c
-
SHA512
12c6168d254afbe57687ee2a4f32432980804de7bd9473ee356a7b2ff4e00a8756f7c952215631af722941e06d809ab7caf599e7d8e6285113472a2967c34975
-
SSDEEP
3072:/bD9fB6vOkQo7pXTu7i0xHj39kzLQx5/rbyxKyMjOpzmmrzqhyI:TD9fBCOk97BuO0xHjlyxKyMj01rzqhy
Malware Config
Extracted
remcos
2.7.0 Pro
QUINTO
quinto.con-ip.com:2550
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-Z3CM7L
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
516-74-0x0000000000400000-0x0000000000421000-memory.dmp
-
Size
132KB
-
MD5
3a93b41942357669081bdf77ae0bcffc
-
SHA1
d90c38c3791c8a92a759149f203f4892876f4e1e
-
SHA256
fbe2bbce0762f38db4a4e4ee9cb478dd88254c0063153a44b49cf5136348876c
-
SHA512
12c6168d254afbe57687ee2a4f32432980804de7bd9473ee356a7b2ff4e00a8756f7c952215631af722941e06d809ab7caf599e7d8e6285113472a2967c34975
-
SSDEEP
3072:/bD9fB6vOkQo7pXTu7i0xHj39kzLQx5/rbyxKyMjOpzmmrzqhyI:TD9fBCOk97BuO0xHjlyxKyMj01rzqhy
Score3/10 -