General
Target: fea2216981e8976a502c79405747b623b22f0492d0ea779eae026249f64ca908
Size: 798KB
Sample: 240515-k6ly3aae6v
MD5: 91cbe2fb626a2f78f89e3218ab473e4b
SHA1: 5deb6f4ac80752aa4a3d66514da1d76de3b34911
SHA256: fea2216981e8976a502c79405747b623b22f0492d0ea779eae026249f64ca908
SHA512: fcf66c1de29ee7c4d5cab78c189c4ef064913df4c8a08705837acdd7d24d4e691f8d2f082ed2aafc3d2bb55bbd5534a601ffaffe55bd844c4b0746a6fde196f3
SSDEEP: 24576:in9S9P3rqU2xDU8ICxcXdq2MqjVE9CRlezOrdML:ikR3rMxQpN5cCfeCrdML
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase_order_PO1989404.cmd
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: Purchase_order_PO1989404.cmd
  Resource: win10v2004-20240426-en
Malware Config
Extracted: remcos
RemoteHost:
  taker202.ddns.net:3017
  taker202.duckdns.org:5033
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: xmnw-AAJ144
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
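As an added example (not code from tria.ge or from the Remcos authors), the Python below takes the configuration values extracted above and turns them into hunt indicators, then runs them over a few constructed log lines. The on-disk paths it derives are an assumption: that Remcos places copy_file under copy_folder and keylog_file under keylog_folder beneath %AppData% (which resolves to the user's Roaming profile); the report only gives the names, and since install_flag and keylog_flag are both false for this build those files may never appear. The DNS and event log formats are invented for the example, as is the handle-listing line used for the mutex.

```python
"""Derive hunt indicators from the Remcos config in this report and match
them against constructed log lines. Added example, not tria.ge/Remcos code."""
import re
from dataclasses import dataclass

# Values copied from the "Malware Config" section of the report.
REMCOS_CONFIG = {
    "RemoteHost": ["taker202.ddns.net:3017", "taker202.duckdns.org:5033"],
    "mutex": "xmnw-AAJ144",
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
    "screenshot_path": "%AppData%",
    "install_flag": False,
    "keylog_flag": False,
}


@dataclass
class Indicators:
    c2: list        # (host, port) pairs straight from RemoteHost
    domains: set    # lower-cased C2 hostnames
    mutex: str
    paths: list     # assumed drop/keylog paths (see build_indicators)


def build_indicators(cfg: dict) -> Indicators:
    c2 = []
    for entry in cfg["RemoteHost"]:
        host, _, port = entry.rpartition(":")
        c2.append((host.lower(), int(port)))
    # Assumption: copy_file lives under copy_folder and keylog_file under
    # keylog_folder, both beneath %AppData%. install_flag/keylog_flag are
    # false in this config, so these artefacts may never be written.
    base = cfg["screenshot_path"]
    paths = [
        f"{base}\\{cfg['copy_folder']}\\{cfg['copy_file']}",
        f"{base}\\{cfg['keylog_folder']}\\{cfg['keylog_file']}",
    ]
    return Indicators(c2=c2, domains={h for h, _ in c2},
                      mutex=cfg["mutex"], paths=paths)


def path_pattern(path: str) -> re.Pattern:
    """Case-insensitive regex for an %AppData%-relative path.
    Assumption: %AppData% expands to ...\\AppData\\Roaming on the victim."""
    rest = path.replace("%AppData%", "")
    return re.compile(r"AppData\\Roaming" + re.escape(rest), re.I)


def hunt(ind: Indicators, lines) -> list:
    """Return (confidence, reason, line) for each line hitting an indicator."""
    dom_re = re.compile(r"query=([\w.-]+)", re.I)
    port_re = re.compile(r"DestinationPort=(\d+)")
    path_res = [path_pattern(p) for p in ind.paths]
    ports = {p for _, p in ind.c2}
    hits = []
    for line in lines:
        line = line.rstrip()
        if not line:
            continue
        m = dom_re.search(line)
        if m and m.group(1).lower() in ind.domains:
            hits.append(("high", f"C2 domain {m.group(1).lower()}", line))
        elif ind.mutex in line:
            hits.append(("high", f"mutex {ind.mutex}", line))
        elif any(r.search(line) for r in path_res):
            hits.append(("medium", "Remcos drop/keylog path", line))
        else:
            m = port_re.search(line)
            if m and int(m.group(1)) in ports:
                # Port alone is weak: many benign services use high ports.
                hits.append(("low", f"C2 port {m.group(1)} (port only)", line))
    return hits


# Constructed sample log lines (not from the report); formats are invented.
DNS_LOG = """\
2024-05-15T10:41:02Z client=10.0.0.12 query=taker202.ddns.net type=A
2024-05-15T10:41:03Z client=10.0.0.12 query=update.microsoft.com type=A
2024-05-15T10:41:09Z client=10.0.0.12 query=TAKER202.duckdns.org type=A
"""
EVENT_LOG = """\
EventID=3 Image=C:\\Windows\\explorer.exe DestinationIp=203.0.113.5 DestinationPort=3017
EventID=3 Image=C:\\Windows\\explorer.exe DestinationIp=203.0.113.5 DestinationPort=443
EventID=11 Image=C:\\Windows\\explorer.exe TargetFilename=C:\\Users\\bob\\AppData\\Roaming\\remcos\\logs.dat
Handle Mutant \\Sessions\\1\\BaseNamedObjects\\xmnw-AAJ144
"""

if __name__ == "__main__":
    indicators = build_indicators(REMCOS_CONFIG)
    for conf, why, text in hunt(indicators, (DNS_LOG + EVENT_LOG).splitlines()):
        print(f"[{conf:6}] {why}: {text}")
```

The two dynamic-DNS hostnames are the most durable indicators here: the resolved IPs can change at will, the mutex and file names change per build, and a port-only match is flagged low confidence because nothing in the report ties 3017 or 5033 to a fixed address.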
Targets
Target: Purchase_order_PO1989404.cmd
Size: 4.5MB
MD5: 4f9b4171ee4728182a576b52c934da7d
SHA1: d58845c88d55aac067b919a5b4bde79d228cf5b6
SHA256: bd4ac830b43dc0f7f7ed19e1cb9b51783bfe36dfd8e58cc93a2e139fcce2c1e8
SHA512: 7782a15c610d419935960f8f73243c9016441476f666c99bb71de4234f9006aa94bdc643ecda6f274187a8f41953796ea089abc20a001c771776d9b4d2355f0a
SSDEEP: 24576:ajN3QGmU4n/+6JVT+avOgeF/ehZ2gCrxBJGhRCAQ:iFQGmdn/+GdRvOX9gCqQ
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of SetThreadContext