General

Target: ab5798ec55efc5f553d4e99996fc42a574ea082e8106d08c5f2b7c6dc2afbac0
Size: 893KB
Sample: 240417-rvx1hsca89
MD5: 3f27e52ced5eb91c2c7c57f1ad8a5458
SHA1: 52418081b6b5b22bd7420491a83eb9690b2f6a6a
SHA256: ab5798ec55efc5f553d4e99996fc42a574ea082e8106d08c5f2b7c6dc2afbac0
SHA512: cd1b8f928ad4eb923a015803d32f0a15f989d0f5e80ecc24f7619a134c499971f8fac8d8620b6a97f299d2e75cc63555bfb30b8ab896fabbddd626d6f6e92110
SSDEEP: 24576:RLxOw7oJiFvzNLGDID1IZqlC4Wk4O2Wzrtg7:RLs1JuY/u4n
Static task: static1

Behavioral task: behavioral1
Sample: 839be5e2a653b3fbd43370403d066b16e4dd22d867997b5156de621f44bf072b.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 839be5e2a653b3fbd43370403d066b16e4dd22d867997b5156de621f44bf072b.exe
Resource: win10v2004-20240412-en
Malware Config

Extracted family: remcos

RemoteHost: paygateme.net:2286
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-BDTHCE
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets

Target: 839be5e2a653b3fbd43370403d066b16e4dd22d867997b5156de621f44bf072b.exe
Size: 984KB
MD5: 3f6158f27ef80630313026f52cac93f4
SHA1: ba374eb42010c5cf44fdc259983dc44442cb0753
SHA256: 839be5e2a653b3fbd43370403d066b16e4dd22d867997b5156de621f44bf072b
SHA512: 7ce1b216d055a6ae8491d93fab07502646b1a1939e2796005005875405e65ae5a2d97fc7607690ba2d38683678d22206529ad57d26c243e76c695da5b67faaf0
SSDEEP: 24576:4Nxc5Gjn6R/TiWtnTS65ox40AjuCDLym06vQvyi3B:CxfjnkOYJ5cbuLyZ9
Score: 10/10

Signatures

NirSoft MailPassView: password recovery tool for various email clients
NirSoft WebBrowserPassView: password recovery tool for various web browsers
Nirsoft
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook accounts
Suspicious use of SetThreadContext