General
- Target: 043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d.exe
- Size: 233KB
- Sample: 240320-cf29csea63
- MD5: b0e371680c2c465a447d8cb4ad0ffa57
- SHA1: b622b7dfb03b70219fe047abd365fe88a4316394
- SHA256: 043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d
- SHA512: b6956d170613bfae4afb1754bf9a2bdcc8ebce5a4e4c2d8052921a929969bf67f8defa8ad6f396fedf45dfd65d70e19bbe2998f49b6f16bb3167b392fb231577
- SSDEEP: 6144:4mvl3n8iOiB4RBucKa3h80tK2gBWvADGGw6j1:tvlX8i8RB5JvADGGnj
Behavioral task: behavioral1
- Sample: 043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d.exe
- Resource: win7-20240221-en
Malware Config
Extracted: remcos
- Botnet ID: chuk
- C2: mexbar.duckdns.org:3119
- C2: chukwuonye.duckdns.org:3241
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- mouse_option: false
- mutex: Rmc-S6EIWK
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
- Target: 043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d.exe
- Size: 233KB
- MD5: b0e371680c2c465a447d8cb4ad0ffa57
- SHA1: b622b7dfb03b70219fe047abd365fe88a4316394
- SHA256: 043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d
- SHA512: b6956d170613bfae4afb1754bf9a2bdcc8ebce5a4e4c2d8052921a929969bf67f8defa8ad6f396fedf45dfd65d70e19bbe2998f49b6f16bb3167b392fb231577
- SSDEEP: 6144:4mvl3n8iOiB4RBucKa3h80tK2gBWvADGGw6j1:tvlX8i8RB5JvADGGnj
Signatures
- Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
- UPX dump on OEP (original entry point)