General
Target: NOTIFICACIÓN ADMISIÓN DE TUTELA RADICADO 2023-6840562-18223-1150..msg
Size: 86KB
Sample: 230704-szn4vagf3x
MD5: 068ffdc02f1552e8b7817e1e7007e88a
SHA1: c93960bf3f475178277865c4021c7b8e74738740
SHA256: 287330d6b24150da781995a2fd8b0b57e60c68d58bfbea9a6a789d338e62297c
SHA512: 09fee4ffbdce1954554cea8d45cef2f46591fdf3c9e489099a4100d1ccb9e07d1fea5adba8c2ced939eaa9cbc7aac50f3e6e3bbc381de7dd509acf3ee590c18c
SSDEEP: 1536:AYSWIW2TnneVKWj7K8tU6PWlL4V6/IlKWgIpnRcTV4:A3yN7Q6F7DjpnWp
Static task: static1
Behavioral task: behavioral1
Sample: NOTIFICACIÓN ADMISIÓN DE TUTELA RADICADO 2023-6840562-18223-1150..msg
Resource: win7-20230703-en
Behavioral task: behavioral2
Sample: NOTIFICACIÓN ADMISIÓN DE TUTELA RADICADO 2023-6840562-18223-1150..msg
Resource: win10v2004-20230621-en
Malware Config
Extracted
remcos
BILLETE
cactus.con-ip.com:7770
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-9927QM
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
Targets
-
-
Target
NOTIFICACIÓN ADMISIÓN DE TUTELA RADICADO 2023-6840562-18223-1150..msg
-
Executes dropped EXE
-
Drops file in System32 directory
-