General
Target: Lectura de cargos.tbz (Spanish for "reading of charges", i.e. a legal-summons themed filename)
Size: 720KB
Sample: 230328-jf78yabd81
MD5: 6889b6a643701a10bf96e8019e4a5735
SHA1: f74e6a2779e8d1f30ec3ae03dad853622aedb49c
SHA256: aa748b98c46829a83c87bb11003e7c74a09ddb442f288d721653740f4350ed76
SHA512: 0b0ff5849a9f75c7a64dd1102857973142aca54c01eab7cf16e34502de2e4f9f16fc71f486e5b1c9ae78ae888f99cd372480b3f9446238f792d0627a74f6ea09
SSDEEP: 12288:cB9+Rr4ON6FjY2InBG3yCZ43NZ64OLvgAdtdz/Q0rXzPqLGphTJwU26wLOgOS16:cBoRrlRQiLmJ79brXzSqPJwU2TESo
Static task: static1
Behavioral task: behavioral1
Sample: Lectura de cargos.exe
Resource: win7-20230220-en
Malware Config
Extracted family: remcos
Botnet ID: 21-marzo
C2: 20.38.13.217:2524

audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-KUGK7N
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5

Note: install_flag, keylog_flag, screenshot_flag and take_screenshot_option are all false, so the copy/startup, keylog and screenshot settings above are builder options this build does not switch on; the mutex name and the C2 endpoint are the indicators that apply regardless.
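The config block above is the flattened key/value dump a sandbox emits; turning it into indicators means parsing that layout and honouring the flags. The following is an added example, not code from the report or from the sandbox vendor. The Remcos semantics it encodes are assumptions, not stated on the page: install_flag gates the self-copy to copy_folder\copy_file and the Run-key value startup_value, keylog_flag gates keylog_folder\keylog_file, screenshot_flag gates screenshot_path\screenshot_folder, while the mutex and C2 are unconditional. The embedded CONFIG_TEXT is an abridged copy of the page's own config in the page's own layout.

```python
# Added example (not from the report): parse the flattened Remcos config and
# derive the indicators a detection engineer would actually use.
# Assumed Remcos semantics (not stated on the page): install_flag gates the
# self-copy and the Run-key startup_value; keylog_flag gates the keylog file;
# screenshot_flag gates the screenshot folder. Mutex and C2 are unconditional.

# Abridged copy of the report's config, in its key / value / '-' layout.
CONFIG_TEXT = """\
remcos
21-marzo
20.38.13.217:2524
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
install_flag
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mutex
Rmc-KUGK7N
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
startup_value
Remcos
"""

# Assumed persistence location for startup_value (Remcos uses a Run key).
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"


def coerce(raw: str):
    """'true'/'false' -> bool, digit strings -> int, anything else -> str."""
    low = raw.lower()
    if low in ("true", "false"):
        return low == "true"
    if raw.isdigit():
        return int(raw)
    return raw


def parse_flat_config(text: str) -> dict:
    """Parse the report layout: family, botnet id and C2 first, then
    key/value pairs, with '-' lines as separators to be discarded."""
    tokens = [ln.strip() for ln in text.splitlines()
              if ln.strip() and ln.strip() != "-"]
    family, botnet, c2 = tokens[:3]
    settings = {k: coerce(v) for k, v in zip(tokens[3::2], tokens[4::2])}
    return {"family": family, "botnet": botnet, "c2": [c2], "settings": settings}


def derive_iocs(cfg: dict) -> dict:
    """Emit only the artefacts this build would actually create."""
    s = cfg["settings"]
    c2 = [(h, int(p)) for h, p in (c.rsplit(":", 1) for c in cfg["c2"])]
    iocs = {"c2": c2, "mutex": s["mutex"], "files": [], "registry": []}
    if s.get("install_flag"):
        # Path is relative to the install root, which this extraction does not include.
        iocs["files"].append(f"{s['copy_folder']}\\{s['copy_file']}")
        iocs["registry"].append((RUN_KEY, s["startup_value"]))
    if s.get("keylog_flag"):
        iocs["files"].append(f"{s['keylog_folder']}\\{s['keylog_file']}")
    if s.get("screenshot_flag"):
        iocs["files"].append(f"{s['screenshot_path']}\\{s['screenshot_folder']}\\")
    return iocs


if __name__ == "__main__":
    print(derive_iocs(parse_flat_config(CONFIG_TEXT)))
```

For this build the result is the mutex and the C2 tuple only; flipping install_flag or keylog_flag in the parsed dict shows which file and registry artefacts would appear if those options were on.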
Targets
Target: Lectura de cargos.exe
Size: 420.0MB (as reported; the .tbz that contains it is 720KB, so the PE must be almost entirely low-entropy padding, a common way to push a dropper past the file-size limits of AV scanners and sandboxes)
MD5: 3699f52d9d6cf60fcf8cfc3b2594d0a6
SHA1: 90a772e4d65d65dfcd7673de798180dbdf143ea2
SHA256: 4b49dcfe526fbd91184caa931c60b6e430c72ddd0b05b1df3ffa855bebf9499b
SHA512: 1549f3e6df361332077fdf4740b7b3aa5bd8a986470d847ed5b53899427bb2d7bc10dd8bb6dbe479cc86731280ce354cdf65c51b7df61336a4638f1a810b3093
SSDEEP: 12288:sixvWiHIG85ZOTahHYByyT/0rrdmPLxUkol6F6yayQXm0kWqJbYyM2NoqA0:PWi0gQly5NxO6VayL0ktb3nNPl
Behaviours observed:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext: the API used to point a suspended thread at injected code, the usual final step of process hollowing.
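The 420MB size of the inner PE can be cross-checked against its ssdeep hash without the file in hand. The following is an added example, not part of the report and not the sandbox vendor's code. It assumes libfuzzy's block-size selection (start from the smallest bs = 3 * 2**k with bs * 64 >= file size, then halve bs while the digest at that block size is shorter than 32 characters, which only happens when long stretches of the file produce no rolling-hash triggers, i.e. repetitive filler); the halvings threshold used to flag padding is my own heuristic, and the content-size estimate is a rough lower bound because a digest is capped at 64 characters. The sizes and hashes are copied from the report above.

```python
# Added example (not from the report): cross-check a declared file size
# against the block size in its ssdeep hash. Assumes libfuzzy's block-size
# selection; the padding threshold is a heuristic of my own.

MIN_BLOCKSIZE = 3      # libfuzzy MIN_BLOCKSIZE
SPAMSUM_LENGTH = 64    # libfuzzy SPAMSUM_LENGTH (max digest chars per block size)

# Values copied from the report: the .tbz container and the PE inside it.
SAMPLES = {
    "Lectura de cargos.tbz": ("720KB",
        "12288:cB9+Rr4ON6FjY2InBG3yCZ43NZ64OLvgAdtdz/Q0rXzPqLGphTJwU26wLOgOS16:cBoRrlRQiLmJ79brXzSqPJwU2TESo"),
    "Lectura de cargos.exe": ("420.0MB",
        "12288:sixvWiHIG85ZOTahHYByyT/0rrdmPLxUkol6F6yayQXm0kWqJbYyM2NoqA0:PWi0gQly5NxO6VayL0ktb3nNPl"),
}


def parse_size(size_str: str) -> int:
    """'420.0MB' / '720KB' -> bytes (binary units, as sandbox UIs show them)."""
    s = size_str.strip().upper()
    for unit, mult in (("GB", 1024 ** 3), ("MB", 1024 ** 2), ("KB", 1024), ("B", 1)):
        if s.endswith(unit):
            return int(float(s[: -len(unit)]) * mult)
    raise ValueError(f"unrecognised size: {size_str!r}")


def parse_ssdeep(sig: str):
    """'bs:digest1:digest2' -> (block_size, digest1, digest2)."""
    bs, d1, d2 = sig.split(":", 2)
    return int(bs), d1, d2


def size_implied_block_size(file_size: int) -> int:
    """Block size ssdeep starts from for a file of this size, before any halving."""
    bs = MIN_BLOCKSIZE
    while bs * SPAMSUM_LENGTH < file_size:
        bs *= 2
    return bs


def assess(size_str: str, sig: str, halvings_threshold: int = 4) -> dict:
    """Compare the block size the declared size implies with the one reported.

    ssdeep only halves below the size-implied block size when the digest there
    is shorter than 32 chars, i.e. when most of the file yields no rolling-hash
    triggers. Many halvings therefore mean the declared size is mostly filler."""
    declared = parse_size(size_str)
    bs, d1, _ = parse_ssdeep(sig)
    implied = size_implied_block_size(declared)
    halvings = 0
    while implied >> halvings > bs:
        halvings += 1
    # Roughly one digest char per block_size bytes of non-repetitive data; the
    # digest is capped at 64 chars, so this is a rough lower bound only.
    content_estimate = bs * len(d1)
    return {
        "declared_bytes": declared,
        "reported_block_size": bs,
        "size_implied_block_size": implied,
        "halvings": halvings,
        "content_bytes_estimate": content_estimate,
        "padding_suspected": halvings >= halvings_threshold,
    }


if __name__ == "__main__":
    for name, (size, sig) in SAMPLES.items():
        print(name, assess(size, sig))
```

For the .tbz the reported block size matches the one its 720KB implies. For the PE, 420MB implies a starting block size of 12582912, ten halvings above the reported 12288, and the digest length puts the trigger-producing content in the same ~700KB range as the archive: the declared size is padding, not code.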