Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
payment98402.exe_pw_infected.zip
-
Size
485KB
-
Sample
240220-sjtpdsah59
-
MD5
28c323d39428df38a71502a64ce547ef
-
SHA1
2e53adc79f104dd3a0ff4634283b8f4a90ea821c
-
SHA256
b76730b39b05e14a80a48c8e4e008df21e59950b9cb47592fb3b1e88c25e746a
-
SHA512
d815ccd89ff656b07448f247a853f0862f3cae3c593ad0b10da1086dd01922bc34d58f645c9e3e342d1eb3f11461cfc84e1e65f190ca776755accc0a40f6270b
-
SSDEEP
12288:WV+JKlea1vfm5wyiscqxCGLi4gG7Ji65zGrczKK:TKlea1vfm5w3v1H4HigKK
Static task
static1
Behavioral task
behavioral1
Sample
0x0006000000018714-24.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0x0006000000018714-24.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240220-en
Behavioral task
behavioral5
Sample
Achomawi/Kirundi145/Underpricing/ekstremismers/Eksekveringers.ps1
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
Achomawi/Kirundi145/Underpricing/ekstremismers/Eksekveringers.ps1
Resource
win10v2004-20240220-en
Malware Config
Extracted
remcos
RemoteHost
103.77.243.184:2404
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-VU7JGO
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
0x0006000000018714-24
-
Size
516KB
-
MD5
f99b43eb35c35085a3a49efe77800d70
-
SHA1
08635081e80e787603325cb7b99e0090853f7670
-
SHA256
ecbff1a598be2581f8692bba7b07a058f951bab59893cd675b2d8c8b1d326787
-
SHA512
0ad4dcf8e69bb9cca9d23edb94edd10cedad64938461c44493883445c44872bf41447c2839df0b1a86a9dbd7c7af8fafc4483caf44b3450e38eb955a6fac684f
-
SSDEEP
12288:pg0toCB9ClTqt57zxVb48gCtU6fTECS1uC:7WTRqbHLU8gX6NJC
Score10/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
b38561661a7164e3bbb04edc3718fe89
-
SHA1
f13c873c8db121ba21244b1e9a457204360d543f
-
SHA256
c2c88e4a32c734b0cb4ae507c1a9a1b417a2375079111fb1b35fab23aedd41d9
-
SHA512
fedcaac20722de3519382011ccf22314af3edcd11b69f814db14710966853b69b9b5fc98383edcdb64d050ff825264eaba27b1c5adfe61d1fc9d77f13a052ced
-
SSDEEP
96:f7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNPS3e:zXhHR0aTQN4gRHdMqJVgNPR
Score3/10 -
-
-
Target
Achomawi/Kirundi145/Underpricing/ekstremismers/Eksekveringers.Woo
-
Size
26KB
-
MD5
47d2425b039972b3e7d672afaa368497
-
SHA1
4f0ecaa75256fb2907f2a55cac55033929f59363
-
SHA256
949cf299f52fffc2a4fe702404688e35372c3240540c8aefe733ce93f8e18774
-
SHA512
030acafe770ae0de5c4587e4faa11653b481840ad44f601a0faa05e4d4faf2da44f0c48d111181ca01f01bff42379e5e3f1bf872049105003816e6f8126bf8d2
-
SSDEEP
384:7cmAlqpqqNLqe5GXd7qFa32/83gfkKd8PFJrOXxV0q67nqM8SeWWrd:7cm4qpqQLP5GXBqFZwgTqPFJrOZEnqdJ
Score1/10 -