General
Target: 77b6482e415499d039fd94dc2c588217bb71bd6f3da0747c53a439bc9490fbed_JC.7z
Size: 1.1MB
Sample: 230823-tvaakafc8s
MD5: f3f414f46daa3779ea3103c418b35d0d
SHA1: 2b3adc2bc3f4e40a855252a7931b8e24475d7488
SHA256: 77b6482e415499d039fd94dc2c588217bb71bd6f3da0747c53a439bc9490fbed
SHA512: e23ac0f361eb1e8cb07a66fbdda6cae6395739bbe49ae7ff2f8012a764ff680e6df977ec272f74d1e498e2f5a48ddf41a999893ada9508ccd7917e2977e238b4
SSDEEP: 24576:OjqxtwQzFBi3ZXkcWFSlqbh/gAZ3QZYPFznOSa5:OG8QzFO9kcWt/Z3QaPROSa5
Static task: static1
Behavioral task: behavioral1
  Sample: Rooming list.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: Rooming list.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted
remcos
RemoteHost: closen.kozow.com:2404
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-V0K781
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: Rooming list.exe
Size: 133.0MB
MD5: 6b405cc5058f539118b7bf278e5ec92d
SHA1: 32576751854860acb742f71bd1aef7cc6accdbfc
SHA256: 6460ce4d46ea972d0296bfbfd2315b2686021380c4d22ceb0c0a987faa749fd4
SHA512: 55393ecd988d2beae68897d32287ac57b9d220534cc17dc3a82ca4b201b99d847b8247c0993a813901658953a25e08da35583a82a8e4dbed1f111e639a33a125
SSDEEP: 24576:BSoUQ4BU6CXEFENRLBZE3RmZDWkhkz+t/cOlIoxXz1WvDuS7K:Ib4JBZEBam+t/zFX0LuEK
Score: 10/10
Uses the VBS compiler for execution
Suspicious use of SetThreadContext