Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
465c444d20b3e265e924360ced45ea8e6e8ef2cdf46ed4d7ae71ed9e1e4e10ca
-
Size
352KB
-
Sample
240818-fx9ljszgjk
-
MD5
e75439b20cab586a15874a864706f328
-
SHA1
8e9382773296854a253f9c7840d5b3d54d2f041b
-
SHA256
465c444d20b3e265e924360ced45ea8e6e8ef2cdf46ed4d7ae71ed9e1e4e10ca
-
SHA512
9eaf218719e734a5c76393861de269f7ad114aa1f3f803308c85086c85992b5df461e1e6b05e187ca6cd7ea4c7f3361efd1b1803a196914054c8eb32164b6818
-
SSDEEP
6144:2qlonWp9KdXv6gvNSS8aVr0nbUlUq1IJ8JaDlpiBpe7QRfH91w42/TARn:LonNigvona10Jq1vQZQ73z2/0Rn
Static task
static1
Behavioral task
behavioral1
Sample
1619172a202b25aff96beb80b21fbda70ed92237a88a7a4d990f5de77b19677d.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
1619172a202b25aff96beb80b21fbda70ed92237a88a7a4d990f5de77b19677d.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
remcos
benchao
tochisglobal.ddns.net:6426
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-9R4HLX
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
1619172a202b25aff96beb80b21fbda70ed92237a88a7a4d990f5de77b19677d.exe
-
Size
519KB
-
MD5
aaf009498fd654fe098a30d1ec1d3120
-
SHA1
d6de6ea6d8deb0b700cda51e8f366d3a333ffa29
-
SHA256
1619172a202b25aff96beb80b21fbda70ed92237a88a7a4d990f5de77b19677d
-
SHA512
6c601a13522500196ac58dc3b75ead4b438ddc149a4e1513a0657ea69be98845428f0bd76285218053532bfb59f702e091310dc92e00d9af1a7def2416581460
-
SSDEEP
6144:+xwgiJ4h+W4PQgPniiWn14owKYHvYLPG7nIsJmwu1WGFKPVMmNK1ftxU3WaN5rfx:cS4QZyn14rBHcgpJmwuAN7Cfn2v5P
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
af4324802813a5a897db2167fc10e291
-
SHA1
916bd47457dcb4247743626e86492436b77bebf8
-
SHA256
92cb3b3a7280246743543325d3fe9a7d72c63227f9540d25d5ef27b2ce8856b4
-
SHA512
cb3e07c4558049634078808bd419860c6e2855a02bba79541cea80873fe6db58cf667a27c111521df09ef30f92c149736092c473fde28bbb5974be6d7ddab83c
-
SSDEEP
48:qcjtDVP10LgQL8QRU8IlmWm7WmnuWK8hSemoMqG5QEv8sF9UwofMU:xVPFQIqlemWm7WmTaehG+Ekq
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
6c38da8922cc37b4bbb77de4a63ad843
-
SHA1
4e0533fd11df8bddbd543ed58df7b6060d9f4631
-
SHA256
1624d9ad8b2e2658af224691263f64388ba3a997efe80011889e3c35237ce4c1
-
SHA512
ad0be3d7e57da9c304e9b9cac5341b6c76b157456ab44f5579d6c38c830a31c9c3e1e9a875b8f465243c607ea2ede6b0bb77237f17a70a4d4c78606e036c3430
-
SSDEEP
192:wA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6gn9Mw:QR7SrtTv53tdtTgwF4SQbGPX36g9Mw
Score3/10 -