General
Target: d4a1576213580954e906144a0434fc9df19ce746a726504e70597c58ce9a4fd5.gz
Size: 1.8MB
Sample: 240213-gap43afe9x
MD5: d280973512d5e13bb7547d9af39db3eb
SHA1: 3a505dfbee6e79a1d64c600eda8ceca5e9649c53
SHA256: d4a1576213580954e906144a0434fc9df19ce746a726504e70597c58ce9a4fd5
SHA512: 5da0aaf48f3aaf1a7dd8950c8c1516b864b41a851e72dbf610e6344aa26a559f555f4d3562a90c65ecaffcf7b5782f2935cee0078afc35eab86e80e774e6fdbe
SSDEEP: 24576:gzH9OvVcTNP8bqo7VEiO2g263c/pQEDr+pnqi6msHDUZ0b:esINUbqwVEz3oQ3nqi6JDQ0b
Static task: static1

Behavioral task: behavioral1
  Sample: Purchase Order-ListSamples_xls.scr
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: Purchase Order-ListSamples_xls.scr
  Resource: win10v2004-20231222-en

Behavioral task: behavioral3
  Sample: Specifications.scr
  Resource: win7-20231215-en

Behavioral task: behavioral4
  Sample: Specifications.scr
  Resource: win10v2004-20231222-en
Malware Config
Extracted family: remcos
RemoteHost:
  lora1.taiwantradeglobal.com:2404
  lora2.taiwantradeglobal.com:2404
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-R9UMK0
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets

Target: Purchase Order-ListSamples_xls.scr
Size: 932KB
MD5: acf1a5648f805a2e245c5ca3ed592298
SHA1: c6f2fad033b2b6aa910a75c5cd3d94184406fde7
SHA256: 1351e61c2b4c13ccf8b28d7f1f9aa82f7cce424e723a30bacbfa404d1d98fa6d
SHA512: 5e28c34f7f1a46cf41af0d51c5fb941c811212a0c96f933e6f9464e143b27fef8412a63e0df0cd11894a7df171759284d22f9eb947921d0c9d5c0f7e330e7ea8
SSDEEP: 24576:OtK2xcQUuT2bpG4tDjoL4BjCtLPM3pP3j++VTZ:Os2xL2lG4Vg8KLP4P3jrZ
Score: 10/10
Signatures:
- Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
Target: Specifications.scr
Size: 1020KB
MD5: f03e14fede667def5971cd05001ac26e
SHA1: c3b194d8b0d66a3a7aa540123f9191f06632c31a
SHA256: a090d4d19e61d32cc67cbbcd57124becd412d1e9f7d8d8ed896da4d2d689dc7f
SHA512: e38eaa3b4720cd0e0fd002f9d9067991c7b2ded1335a0a8d8872b96ec498a3231bdf99c1347e701b0bf23631e27a2569d62b0671a009562f9effb932c2ff3ff1
SSDEEP: 24576:MtS2xc3m8Y83BarJ3OJJwFcx9wyeZBMI4mCJFix:MQ2x+b3BaN3mwF6yJXWFi
Score: 10/10
Signatures:
- Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext