General

Target: Mit Technologies Iran - MIT PO_TURK00926600.pdf(73KB).com
Size: 5KB
Sample: 240220-mj7y5afe93
MD5: 10531525068f2547147c84cf4b464f75
SHA1: 7c05bb4ee5c49eef647837347825c19a1756d73b
SHA256: 2821d789c0b37d3ed136eebd66c36216386fa9d4935fcd733b1e8ef4fd388d36
SHA512: d6a9e15f614aab2a2baecb832f5c7ba642893fd62d353bac09d1a247a834ef0e4ec781551e6a5ed9deb97308f19cb333b52f71e82e5ff2536bdcc2d843350fa5
SSDEEP: 48:6yZEbVTWEkfWXedefzwYczF5ejsFBCJwUhloy54Rn6l+spsVtiOl1VeRqFSpfbNM:sQEPeoczo4YwUhuyy++BvVeTzNt

Note on the file name: "PO_TURK00926600.pdf(73KB)" imitates a purchase-order PDF attachment, including a fake size, but the real extension is .com, which Windows treats as an executable and launches directly on double-click. The 5KB size also does not match the "73KB" in the name.
Static task: static1

Behavioral task: behavioral1
  Sample: Mit Technologies Iran - MIT PO_TURK00926600.pdf(73KB).exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: Mit Technologies Iran - MIT PO_TURK00926600.pdf(73KB).exe
  Resource: win10v2004-20231215-en

(The .com target was renamed to .exe for the behavioral runs.)
Malware Config

Extracted family: remcos
FRESH
C2: igw.myfirewall.org:2404

audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-4HN46L
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5

The most useful fields for hunting are the C2 endpoint (host igw.myfirewall.org, TCP port 2404), the per-build mutex Rmc-4HN46L, and the drop names remcos.exe under a Remcos folder and logs.dat under a remcos folder. install_flag, keylog_flag and the screenshot options are all false, so the builder's own installer, keylogger and screen capture are switched off in this configuration; the Run key reported under Targets below therefore does not come from this install_flag setting.
Targets

Target: Mit Technologies Iran - MIT PO_TURK00926600.pdf(73KB).com (5KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

Signatures
- Detect ZGRat V1
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of SetThreadContext (typical of a loader writing a payload into a suspended process and redirecting its thread, i.e. process hollowing)

Read together: a ZGRat-detected loader stage injects the Remcos payload (SetThreadContext), the payload establishes persistence through a Run key, and the NirSoft password-recovery tools and Outlook account access correspond to Remcos's credential-recovery feature, which embeds those utilities.
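The config block and the signature list above can be turned directly into detection logic. The following is an added example written for this report, not tria.ge's own code: it takes the extracted Remcos fields (C2 endpoint, mutex, copy and keylog drop names) as indicators and runs them over a few constructed telemetry records. The record layout (event, query, dest_host, dest_port, key, value, data, mutex, path) is an assumption modelled loosely on Sysmon/EDR fields, the sample records are constructed and not from the report, and the page shows "FRESH" and the host:port unlabelled, which the code treats as a campaign tag and the C2 (assumption). Because install_flag is false yet the sandbox still reported a Run key, the Run-key rule also fires on any autorun value pointing under AppData, with the config-derived path kept as a stricter rule.

```python
"""Derive host and network indicators from the extracted Remcos config and
match them against constructed telemetry records (added example, not the
report's or tria.ge's own code)."""
from typing import Dict, List, Tuple

# Values copied from the report's Malware Config block. "campaign" and "c2"
# are this example's labels for the two unlabelled leading entries (assumption).
REMCOS_CONFIG: Dict[str, object] = {
    "campaign": "FRESH",
    "c2": ["igw.myfirewall.org:2404"],
    "copy_file": "remcos.exe",
    "copy_folder": "Remcos",
    "keylog_file": "logs.dat",
    "keylog_folder": "remcos",
    "mutex": "Rmc-4HN46L",
    "screenshot_path": "%AppData%",
    "install_flag": False,
}


def build_indicators(cfg: Dict[str, object]) -> Dict[str, object]:
    """Turn config fields into matchable indicators (paths lower-cased)."""
    host, port = str(cfg["c2"][0]).rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": str(cfg["mutex"]),
        # Drop names are compared as path suffixes because the base directory
        # is not part of the extracted config.
        "copy_suffix": f"{cfg['copy_folder']}\\{cfg['copy_file']}".lower(),
        "keylog_suffix": f"{cfg['keylog_folder']}\\{cfg['keylog_file']}".lower(),
    }


def match_events(ind: Dict[str, object],
                 events: List[Dict[str, str]]) -> List[Tuple[int, str]]:
    """Return (event index, rule name) for every record hitting an indicator."""
    hits: List[Tuple[int, str]] = []
    for i, ev in enumerate(events):
        kind = ev.get("event")
        if kind == "dns_query" and ev.get("query", "").lower() == ind["c2_host"]:
            hits.append((i, "remcos_c2_dns"))
        elif kind == "network_connect" and (
            ev.get("dest_host", "").lower() == ind["c2_host"]
            and int(ev.get("dest_port", 0)) == ind["c2_port"]
        ):
            hits.append((i, "remcos_c2_connect"))
        elif kind == "mutex_create" and ev.get("mutex") == ind["mutex"]:
            hits.append((i, "remcos_mutex"))
        elif kind == "registry_set" and \
                ev.get("key", "").lower().endswith("\\currentversion\\run"):
            data = ev.get("data", "").lower()
            # Config-derived path first; otherwise any Run value under AppData,
            # since the sandbox saw a Run key although install_flag is false.
            if ind["copy_suffix"] in data:
                hits.append((i, "remcos_run_key_copy_path"))
            elif "\\appdata\\" in data:
                hits.append((i, "run_key_appdata_binary"))
        elif kind == "file_create" and \
                ev.get("path", "").lower().endswith(ind["keylog_suffix"]):
            hits.append((i, "remcos_keylog_file"))
    return hits


# Constructed telemetry (not from the report), written to exercise each rule.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"event": "dns_query", "query": "IGW.myfirewall.org"},
    {"event": "network_connect", "dest_host": "igw.myfirewall.org", "dest_port": "2404"},
    {"event": "network_connect", "dest_host": "igw.myfirewall.org", "dest_port": "443"},
    {"event": "mutex_create", "mutex": "Rmc-4HN46L"},
    {"event": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Remcos",
     "data": r"C:\Users\victim\AppData\Roaming\Remcos\remcos.exe"},
    {"event": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater",
     "data": r"C:\Users\victim\AppData\Local\Temp\svc.exe"},
    {"event": "file_create", "path": r"C:\Users\victim\AppData\Roaming\remcos\logs.dat"},
    {"event": "file_create", "path": r"C:\Windows\System32\notepad.exe"},
]


if __name__ == "__main__":
    for idx, rule in match_events(build_indicators(REMCOS_CONFIG), SAMPLE_EVENTS):
        print(f"{rule:26s} <- event {idx}: {SAMPLE_EVENTS[idx]}")
```

Six of the eight constructed records match (the port-443 connection and the notepad.exe write do not). The host comparison is case-insensitive and the port is matched only together with the host, so a second Remcos build using the same host on a different port would need its own config extracted rather than a loosened rule.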