Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b39b7a119f7701a60aa8a9f540b37f6d.tar
-
Size
1.8MB
-
Sample
241009-2dwfgazena
-
MD5
b39b7a119f7701a60aa8a9f540b37f6d
-
SHA1
ff417a84ae0457c71205531b7b229efcb45fffbd
-
SHA256
c73c1395d9585ff79d683d069a6803006bcff169937bd2e6687fac3284d314ec
-
SHA512
1681476a90d440719e5f27f2766a746bd97020d8b3e9b6428e0fd9555320023a4344ae2975178df220fc25584bf7a25f01dc263c0d0138850b34e6480c698510
-
SSDEEP
49152:yblowQyXLkkDv9NUr0216ZR5hBSISZg/72GKLR:ySKXLkk4w21AR5hBUZg/qVR
Static task
static1
Behavioral task
behavioral1
Sample
OFICIO 002394939249 TESORERIA No. 0399498-002024.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
OFICIO 002394939249 TESORERIA No. 0399498-002024.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
remcos
OCTU
segurosbolivar24.con-ip.com:2006
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
registros.dat
-
keylog_flag
false
-
keylog_folder
regist
-
mouse_option
false
-
mutex
ljnghvfghujkvgnasftnz-X8YJ1F
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Capturas de pantalla
-
screenshot_path
%AppData%
-
screenshot_time
10
- startup_value
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
OFICIO 002394939249 TESORERIA No. 0399498-002024.exe
-
Size
4.9MB
-
MD5
cbdd93c0f2fdc3549188bad11af2cbb6
-
SHA1
bb8023707452a17e8236cae8d2e7a11cc0ec8c1d
-
SHA256
8aa24e0acffe7459f0662e8f3852fc34ed65a6e05cd468bdbc4c7a30c480a169
-
SHA512
8cfcdee2366f3d7e276070e7a353346600f58da66c4dbe940a8db58a5b1b6c1bea91fac7fd6a99b8db7a9e3bc09f2b491807e2af91b1aba6b16631a15f41a919
-
SSDEEP
49152:GSq2zkGQxfkScRd2j4309+eZypv0rMHul1gUuu9blTeYbkqFTckW4lLFQoMHMZKB:GStzEx9xypvogUuuhkYbkqFWCMojwH
Score10/10-
Adds Run key to start application
-