General
Target: 04012024_0028_Remcos2023.iso
Size: 1.9MB
Sample: 240103-tyvexabaa9
MD5: 3f8f7fdbc1c367bbba16d162ac9bba1f
SHA1: 44b717d9d713ffe771035e603a39f02fc54a408a
SHA256: e6f4b1ed945dfe592851779ee00459e49d078983937b72c6cedb4da6d1a42433
SHA512: efee0b92d65d7a2f6aa64ff5a82e7bb9942df9eab9ccf16eac06c06a8d1c2c497833cd903e5e2bda952dc37da46b013f7c0e179c3b551da3386b7fcb9cee3920
SSDEEP: 24576:/bGQWvRW2299XrxE7Ozo4vq60bhs+VfnO52C:TGQWsXr+zZzhrVfn
Static task: static1
Behavioral task: behavioral1
Sample: Payment Advice_ Public Bank Berhad.pdf.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: Payment Advice_ Public Bank Berhad.pdf.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted: remcos
RemoteHost: 172.96.14.67:9785
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-6W5HVR
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: Payment Advice_ Public Bank Berhad.pdf.bat
Size: 1.4MB
MD5: 89ff8e75427e825570b0b2340dd832cf
SHA1: 12903d7c478914c4c38e76b24001145048f20b8e
SHA256: 7011d414322a2e8079029fdb2646ce87bea6baaa1dccdb4cc3ac07f968189cbd
SHA512: 525e3098b2b6699113feedabe29e9636e71f30e1caef327c576df4853021a431483905bb6b17379cb587d87a79a811f856e25627f50e9ca34de7142603493c96
SSDEEP: 24576:KbGQWvRW2299XrxE7Ozo4vq60bhs+VfnO52CF:EGQWsXr+zZzhrVfni
- Detect ZGRat V1
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of SetThreadContext