General
Target: 10012024_1753_gbrem.exe.bin
Size: 15.6MB
Sample: 240110-lxcjpsebb3
MD5: b6a22c3dfc954914f051aa33d2e2af1a
SHA1: 18a53be63f02b68b9772a892816f83a6d97a1789
SHA256: 564d742044e5ac9f6279c01c5c29bb801606b63c6c2cbfc2af09d8f2a73b84a6
SHA512: 4dad54e04a99cdfbe473813647bb95e4410964b3fde126faca497f27ca8bcbcbd81f41129716af6a948a131282b6bde003b172b4cdcc33825d53c3144509a23f
SSDEEP: 393216:XsMcUFlcXXZKTMlViqmu0k4nj8AcVwecyccnauSbb1LcVm:8pnZKTMlgfkMXcVMyouSbbK
Static task: static1
Behavioral task: behavioral1
Sample: 10012024_1753_gbrem.exe
Resource: win7-20231215-en
Malware Config
Extracted
remcos
dvg
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: word.exe
copy_folder: DVG
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: true
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: dgvsv-Z4Y1VB
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: 10012024_1753_gbrem.exe.bin
Size: 15.6MB
MD5: b6a22c3dfc954914f051aa33d2e2af1a
SHA1: 18a53be63f02b68b9772a892816f83a6d97a1789
SHA256: 564d742044e5ac9f6279c01c5c29bb801606b63c6c2cbfc2af09d8f2a73b84a6
SHA512: 4dad54e04a99cdfbe473813647bb95e4410964b3fde126faca497f27ca8bcbcbd81f41129716af6a948a131282b6bde003b172b4cdcc33825d53c3144509a23f
SSDEEP: 393216:XsMcUFlcXXZKTMlViqmu0k4nj8AcVwecyccnauSbb1LcVm:8pnZKTMlgfkMXcVMyouSbbK
Score: 10/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext