General
Target: Lectura de cargos.tbz
Size: 768KB
Sample: 230329-m5hw5aga42
MD5: d901e593ca0bda11076dab4df697790f
SHA1: 62b8e2711a2d7816eabeb3b4771aec9c0b145d5c
SHA256: f40af51c8b3838de273c59423063897ab6bfe9df596a472a6b634dcd7a71cbc2
SHA512: 9b804ab7081782abc24aed2bdf1e8c3f0c97ed32fa2f18b5b2b3cf2725c862b8c647dfeb56f69996994165881fe2c58df701ea77df7c79a4fc4bc56c58190f72
SSDEEP: 12288:Rg3vySD/gGUhLuv+pKHliXPqKp9/mdPOFXRFqubFuIjCTWKoO1AadOXD0rSJpRV5:R1i/gGUp6+pKHlHKp9/mGDcubFuMbxDf
Static task: static1
Behavioral task: behavioral1
Sample: Lectura de cargos.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: remcos
Botnet: 28MARZO
C2: 20.38.13.217:2524
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-2GPJZT
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: Lectura de cargos.exe
Size: 670.0MB
MD5: bdb8cbc51cb8f186e4a8b56217ead338
SHA1: 877b1f5e43bd90fc3be1bda08250c87565a10f3a
SHA256: 7706a18ee5ae4110a77ee6b4b055cdcd46f120d00895e8568a246865cad9c18e
SHA512: e06a768c2c74f8d7f5cab67ba2e5f9925be6302c755d6cefa205b0c635bd2d1db793417ef18bd0f65ec701105ff055bc71160ab1f20206e1ec2ee5e84dcae535
SSDEEP: 12288:vbi3O31sGfWn39miK2Ft2ktxEFSrb63M9/Zc3C/0Pw2ZG5VrVKQBybBr3:DD+39MQwktxEx3MRu3c59VKQBybBz

Signatures
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Drops file in System32 directory
Suspicious use of SetThreadContext