General
Target: po#2023-0374.xlsx
Size: 692KB
Sample: 230419-mw431abh3w
MD5: f9cf4f69ff7c5e8787b2f78a0647f616
SHA1: 1f4631f60aef212f5a106ad25b1ffebcd029b738
SHA256: f7e087067adbb8d63af6b8bd751dee471f1fa059300f70358428199307b012dc
SHA512: d4a4c970d5652a6db08160e0307996bd1f3303c48b9ca508fd099e6dd7929f900298ca789d4159fecab8a95ef43bab5dcf9c3b65844ece2db9543653a1c2218f
SSDEEP: 12288:iS4yTbZUD2doKGe5KasiR+tgTHJ01OEW7QqQv5Z7inRaeoLHBX5QnGP:AyTm6hQKUgbEW7LMsanLF
Static task: static1
Behavioral task: behavioral1
Sample: po#2023-0374.xlsx
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: po#2023-0374.xlsx
Resource: win10v2004-20230220-en
Malware Config
Extracted
family: remcos
botnet: Awele-Host
c2: gdyhjjdhbvxgsfe.gotdns.ch:2718
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: qos.exe
delete_file: false
hide_file: false
hide_keylog_file: true
install_flag: true
install_path: %AppData%
keylog_crypt: true
keylog_file: logs.dat
keylog_flag: false
keylog_path: %AppData%
mouse_option: false
mutex: Rmc-VC3F2C
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Jm
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: po#2023-0374.xlsx
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (a common process-injection primitive)
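The extracted Remcos configuration and the behavioral signatures above together describe what the implant leaves on a host (a copy under %AppData%, a Run key, a mutex) and what it talks to (the C2 host and port). The script below, an added example that is not part of the tria.ge report, turns those configuration values into concrete indicators and runs them over a few constructed telemetry records to show which signatures they would fire. The profile directory `C:\Users\victim`, the event shapes, and the destination IP are assumptions made for the example; the indicator values themselves are copied from the report.

```python
# Added example (not part of the tria.ge report): turn the extracted Remcos
# configuration into host and network indicators, then run them over a few
# constructed telemetry records. The profile path, the event shapes and the
# destination IP are assumptions made for this example.

REMCOS_CONFIG = {
    # Values copied from the "Malware Config" section of the report.
    "c2": "gdyhjjdhbvxgsfe.gotdns.ch:2718",
    "copy_file": "qos.exe",
    "install_flag": True,
    "install_path": "%AppData%",
    "keylog_flag": False,
    "keylog_file": "logs.dat",
    "keylog_path": "%AppData%",
    "mutex": "Rmc-VC3F2C",
    "startup_value": "Jm",
}

# Hypothetical profile directory used to resolve %AppData%.
PROFILE = r"C:\Users\victim"


def expand(path):
    """Resolve the %AppData% placeholder Remcos stores in its config to the
    Roaming folder of the assumed profile (the only placeholder in this config)."""
    return path.replace("%AppData%", PROFILE + r"\AppData\Roaming")


def derive_indicators(cfg):
    """Build a dictionary of indicators from the extracted configuration.
    Artefacts are only included when their flag is enabled, so the keylog
    file is omitted for this sample because keylog_flag is false."""
    host, port = cfg["c2"].rsplit(":", 1)
    dropped = None
    if cfg["install_flag"]:
        dropped = expand(cfg["install_path"]) + "\\" + cfg["copy_file"]
    keylog = None
    if cfg["keylog_flag"]:
        keylog = expand(cfg["keylog_path"]) + "\\" + cfg["keylog_file"]
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "dropped_exe": dropped,
        "keylog_file": keylog,
        "mutex": cfg["mutex"],
        "run_value": cfg["startup_value"],
    }


# Constructed telemetry records (not from the report), loosely Sysmon-shaped.
EVENTS = [
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Jm",
     "data": r"C:\Users\victim\AppData\Roaming\qos.exe"},
    {"type": "process", "image": r"C:\Users\victim\AppData\Roaming\qos.exe"},
    {"type": "dns", "query": "GDYHJJDHBVXGSFE.gotdns.ch."},
    {"type": "network", "dst": "203.0.113.10", "dport": 2718},
    {"type": "mutex", "name": "Rmc-VC3F2C"},
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe"},
]


def match_events(events, ind):
    """Return (event_index, rule_name, confidence) for every record that matches
    an indicator. A bare destination-port match is reported as low confidence
    because 2718 is not specific to Remcos; the other checks are exact."""
    hits = []
    for i, ev in enumerate(events):
        t = ev["type"]
        if (t == "registry"
                and ev["key"].lower().endswith(r"\currentversion\run")
                and ev.get("value") == ind["run_value"]
                and ind["dropped_exe"]
                and ev.get("data", "").lower() == ind["dropped_exe"].lower()):
            hits.append((i, "remcos_run_key", "high"))
        elif (t == "process" and ind["dropped_exe"]
                and ev["image"].lower() == ind["dropped_exe"].lower()):
            hits.append((i, "remcos_dropped_exe", "high"))
        elif t == "dns" and ev["query"].lower().rstrip(".") == ind["c2_host"]:
            hits.append((i, "remcos_c2_dns", "high"))
        elif t == "network" and ev.get("dport") == ind["c2_port"]:
            hits.append((i, "remcos_c2_port", "low"))
        elif t == "mutex" and ev["name"] == ind["mutex"]:
            hits.append((i, "remcos_mutex", "high"))
    return hits


if __name__ == "__main__":
    indicators = derive_indicators(REMCOS_CONFIG)
    for k, v in indicators.items():
        print(f"{k}: {v}")
    for idx, rule, conf in match_events(EVENTS, indicators):
        print(f"event {idx}: {rule} ({conf})")
```

The Run key check requires both the value name from `startup_value` and the data path pointing at the dropped copy, which is what the "Adds Run key to start application" signature corresponds to; matching on the value name alone would be noisy because "Jm" is short and arbitrary. The DNS name is compared case-insensitively and without a trailing dot, since resolvers and log sources differ on both.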