Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
CARPETADEFOLIOYACTAENTREG.exe
-
Size
1.3MB
-
Sample
230709-l7lv5ada7w
-
MD5
f078c4f43ad9bd1eaf54946c84fdb78e
-
SHA1
9d3f4a0595af9c10731ea2e9f198c462b2d73dec
-
SHA256
1c9708a7c1cca2ffb1fb6711828553521a81c313bd3dcefba441e546d2457e5d
-
SHA512
079b649c6fd09a8df4b7cd032b6edd8b555948d5cac47a18afe3aa44b0ef1aa937ed3bb4f1b2108577a237181cd66055c71f7a21c84b8453c3ab3b83d55f72a1
-
SSDEEP
24576:9VgmnudJ41JhQdiZoGDbbtadASRTcibq/7dTYpzWRuhIDTAekW:9VSr42+vtMZNDbydTQWRuaDTJX
Static task
static1
Behavioral task
behavioral1
Sample
CARPETADEFOLIOYACTAENTREG.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
CARPETADEFOLIOYACTAENTREG.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
nj0509.duckdns.org:0509
6ce9672712ba4490be
-
reg_key
6ce9672712ba4490be
-
splitter
@!#&^%$
Extracted
remcos
matarifeJULIO6
matarife.duckdns.org:2798
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
20
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
true
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-KM2G8Z
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
CARPETADEFOLIOYACTAENTREG.exe
-
Size
1.3MB
-
MD5
f078c4f43ad9bd1eaf54946c84fdb78e
-
SHA1
9d3f4a0595af9c10731ea2e9f198c462b2d73dec
-
SHA256
1c9708a7c1cca2ffb1fb6711828553521a81c313bd3dcefba441e546d2457e5d
-
SHA512
079b649c6fd09a8df4b7cd032b6edd8b555948d5cac47a18afe3aa44b0ef1aa937ed3bb4f1b2108577a237181cd66055c71f7a21c84b8453c3ab3b83d55f72a1
-
SSDEEP
24576:9VgmnudJ41JhQdiZoGDbbtadASRTcibq/7dTYpzWRuhIDTAekW:9VSr42+vtMZNDbydTQWRuaDTJX
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-