Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
13082024_1645_13082024_FedEX Arrival - AWB# 102235506763.zip
-
Size
482KB
-
Sample
240813-t9h61szbqr
-
MD5
4c99b8ce95a67b1c82d4488c266da906
-
SHA1
84d9d089e66b3802a472be09e3222f721cf7ac93
-
SHA256
6ae4cd7a6499338fc9b4c156be801ca893c6f94a5212b5de0fcc9c5e8a8c251e
-
SHA512
bf3b1d03b338a5939a1e34dbf651b8621a236bdaa00943b388b2ab2041782068cf94654c0f9813c4dac94b3e4500eb6d57566912d66767b1dac5abee898433f0
-
SSDEEP
12288:CtVJjy5DBlaAThVjXcDmsArbAAYW7BEgaSP5qyg73H:C5j02APoqssbAAnBkyYH
Static task
static1
Behavioral task
behavioral1
Sample
FedEX Arrival - AWB# 102235506763.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
FedEX Arrival - AWB# 102235506763.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
remcos
benchao
tochisglobal.ddns.net:6426
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-9R4HLX
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
FedEX Arrival - AWB# 102235506763.exe
-
Size
500KB
-
MD5
591e37c2118d8137bca5bc35a8c0a986
-
SHA1
dd752209e4f9a1a18a09dce2f90efc2a74b66ae0
-
SHA256
16e1fc1631183e97739837a4d7fb915d77eedec6784b66402ca3c20138080b78
-
SHA512
b0d29c79271dac601e4ecdd5613d3a8e263214ca5b4c77222482f39f45f5bf8ade0b6abb6f05076e5965d29df9446c0456265284122e887dbd2fa55f4bc6c727
-
SSDEEP
12288:iYLJjm5DBJMATlVjXqDMsArPAA0WvBQgamTvaygr+T:iYNjIEADeIssPAATdoyVT
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
68b287f4067ba013e34a1339afdb1ea8
-
SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3
-
SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
-
SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
-
SSDEEP
48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
cff85c549d536f651d4fb8387f1976f2
-
SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
-
SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
-
SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
SSDEEP
192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score3/10 -