General
- Target: Pedido0922023_xlsx.7z
- Size: 409KB
- Sample: 230922-s7q86sha41
- MD5: 40cafd5bd1115f469c79af9b771b9ec0
- SHA1: 6f6aa00dd40eb1b9e288f5cec2dbf4f83ddc8c94
- SHA256: c74129b7d96e5859f57324918076b665247524663105d93a8bb546d1711fce46
- SHA512: 3535fed17d4ea7771b8642f429694402c5deabccd60c3f509a26c0bfd2d8bd8358f34742172e43ca7866d74a06d12e5ac2993741c53088bebf1c214d26d3a2b4
- SSDEEP: 12288:kJ1s6VWmxj7pYkHKler/FU91JXDTKsuKLZ1My9C+n:SjYvIZU91JzTthLf/n
Static task: static1
Behavioral task: behavioral1
- Sample: Pedido0922023_xlsx.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: Pedido0922023_xlsx.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted
- remcos
- rj101
- 193.142.59.6:9494
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- mouse_option: false
- mutex: Rmc-SISLEN
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
- Target: Pedido0922023_xlsx.exe
- Size: 1.2MB
- MD5: 13edbab0f54c88b7d5494995732d8bc1
- SHA1: 43927cc0d33769d9b0634ec9bc364ba6e25a6151
- SHA256: b6175aa04f79e44af020154cbec1baaf6e4e60de42b69b32b37bd8fcd64d5bac
- SHA512: 2f23c0bc843d1234dd34201450edfce4d2ff136e5f420a2cfb9a3dfcb97d96c8936cfb0ff7123919d102c4915e7396dc811c37cc12287130b8a98328be21bfdc
- SSDEEP: 12288:dN7i6PeBQ9p1nU+Ji+/F1u1mlNHbsgyAvBvvc+X2B+d4ELSQZBLLKbIt383739Da:d5i6lnUr+fuMpNDJ2UxtkRN0D9h1
Score: 10/10
Signatures
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application