General
Target: 30112024_0147_DEMANDA LABORAL POR ABUSO DE CONFIANZA 01.XZ
Size: 4.2MB
Sample: 241130-b71zya1kdp
MD5: 2ca55fceb82d2d3336981aaa84e7b7c4
SHA1: cac23774a398249ae0e29b38eae4db7232278028
SHA256: a398f3f8204155c5b12c109e72d9bc0b980d2e9ad759442635f66358fdf9c8b6
SHA512: 33b94c6f47daa16b38c3f73d4d91a3aa9af0ec194ef59bc82c1593e693f6e563a3b9e18f977dfbd173050297e55b59cf8c4667bb15824fb92db4aca604ea3b20
SSDEEP: 98304:v1+YMtggILzASmooNra3tSlGayLMzo5zW0:vJgtI/ASQra9Sll+I50
Static task: static1

Behavioral task: behavioral1
Sample: DEMANDA LABORAL POR ABUSO DE CONFIANZA 01/WINMM.dll
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: DEMANDA LABORAL POR ABUSO DE CONFIANZA 01/WINMM.dll
Resource: win10v2004-20241007-en

Behavioral task: behavioral3
Sample: DEMANDA LABORAL POR ABUSO DE CONFIANZA 01/zoom.exe
Resource: win7-20240903-en
Malware Config
Extracted: remcos (GUS, mastergusta.kozow.com:5151)
audio_folder: MicRecords
audio_path: ApplicationPath
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-6Q2P7E
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets

Target: DEMANDA LABORAL POR ABUSO DE CONFIANZA 01/WINMM.dll
Size: 5.0MB
MD5: c1e4443c640d1dc0b408356a0ef216be
SHA1: 9ca2853691bf347e12e620dadcf6ea1cceb817fe
SHA256: 812e1927550e39501b2477df2479dc239b428d11bbae81e719c220769ccd7b34
SHA512: 2d47e620c46634519a861b68ac779e22a910b1f3495d5fb8a3fbad43601bc430a13e538d571192c6aaae83fda2d0c1607901aa7a360bea18da732d1bf81b86c3
SSDEEP: 98304:3yhaH4iFZp4lHd4iQfJuI5Tf4rYfthIfsuspcZpccVHu2S5nneBOc7uZ:3dH4i6l2wWFhnbi/HuveB
Remcos family
Executes dropped EXE

Target: DEMANDA LABORAL POR ABUSO DE CONFIANZA 01/zoom.exe
Size: 2.3MB
MD5: 5013571e104d9dd42ca2d94e81e430f8
SHA1: 0e0e2b2f1688b77ebea638aa2e12f6462722fcb0
SHA256: 9783cdd475c54ec21a035b5035c80329fa14be830c71c7c133de06ed98ad86d8
SHA512: c2a4fbb1231cb15fbe3a733c5477d7d0e95ae15cf9a5c7d53eeb452d6b5212a24754d596b90715cead5ae825c989afcacf14c33c1fd363a95cb86a0bc65f932e
SSDEEP: 24576:oKkVrHgHx4mYlt+e5N2lWByqwSFg9NJo7thp9clBb2:Huri4LltP5NSn9NJIclBC
Remcos family