Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2852-21-0x0000000000400000-0x000000000047F000-memory.dmp
-
Size
508KB
-
MD5
192002afe7dd6527527d86e2d022260c
-
SHA1
7a0f2476bf094950e0b78d4ac9045cfcdf924e96
-
SHA256
f771641d111f6fd91d48ff5e98fe39ce12ab7ea0cf72d1481e3691fdedbc24e8
-
SHA512
de8a16d19c673a87c6dd4156b04e52aebc37e49d5314a71b7d87c480026ab3f4ae9b633b723ccafbe0a059f697e9cbc2b7baeceef50aea2ac5e8b58fbf743851
-
SSDEEP
12288:Obmnk7iLJbpIpiRL6I2W9KQ9ZsfZQSDn9:uiLJbpI7I2W/qZ7D9
Score
10/10
Malware Config
Extracted
Family
remcos
Botnet
Host
C2
oyo.work.gd:3142
Attributes
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
vlc
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
pdf
-
mouse_option
false
-
mutex
jkm-I9KENP
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
ios
-
take_screenshot_option
false
-
take_screenshot_time
5
Signatures
-
Remcos family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2852-21-0x0000000000400000-0x000000000047F000-memory.dmp
Headers
Sections