General
- Target: ce780b54c89a5fe2c0fe7fa6ff246b00ca4e15ee84b80c4d6730f30f345912ed_dump.exe
- Size: 483KB
- Sample: 240530-lxrnmade8x
- MD5: dfed304d49603949b72a9840e46b4cab
- SHA1: f872be1c08a60df4a4d2ae7e4ef9d6ef30b5e308
- SHA256: fe90e7a7d24d0a6185c652cd88dabd4126000d71d5b1009c8b6aa6ab5eeb6ebd
- SHA512: 80cd04e477b4295f46094a3fd71a9c29647c1fa4429a353b829e9615394d23047ddf6826d5b74672168651b3aa4ccd5ea7faead8ea591c5639276063895d58de
- SSDEEP: 6144:mXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZDAXYcNW5Gv:mX7tPMK8ctGe4Dzl4h2QnuPs/ZDPcv
Behavioral task: behavioral1
- Sample: ce780b54c89a5fe2c0fe7fa6ff246b00ca4e15ee84b80c4d6730f30f345912ed_dump.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: ce780b54c89a5fe2c0fe7fa6ff246b00ca4e15ee84b80c4d6730f30f345912ed_dump.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: remcos
- RemoteHost:
  127.0.0.1:46517
  127.0.0.1:55767
  mypersonrem.duckdns.org:46517
  mypersonrem.duckdns.org:55767
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- mouse_option: false
- mutex: Rmc-6IQ6YR
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
- Target: ce780b54c89a5fe2c0fe7fa6ff246b00ca4e15ee84b80c4d6730f30f345912ed_dump.exe
- Score: 10/10
- Signatures:
  - NirSoft MailPassView: Password recovery tool for various email clients
  - NirSoft WebBrowserPassView: Password recovery tool for various web browsers
  - Nirsoft
  - Accesses Microsoft Outlook accounts
  - Suspicious use of SetThreadContext