General
-
Target
sostener.vbs
-
Size
159KB
-
Sample
231205-t6ysasch38
-
MD5
bddd8601fde69d9376fec504ee5c812a
-
SHA1
a0e6e03bc0ffdfa06535e2c6ce501e8037e1b331
-
SHA256
135bda295f096086b57df4c66f9edc207b01d7792c16b808039f8fa64e9eecf1
-
SHA512
8db21dbff6bc24647092eac6909a7962c182fe1970d8a9e57c922959061e750914485319594e74099599e4b619f4700a4b332cf84b071b09683bf46e048c5e9f
-
SSDEEP
192:m2aql0M+pOo8nOncu1IbNyUWDcavU5VvJlZcHh2aHJlZx:fauoqGcuWUUWDNUlpapN
Static task
static1
Behavioral task
behavioral1
Sample
sostener.vbs
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
sostener.vbs
Resource
win10v2004-20231127-en
Malware Config
Extracted
remcos
RemoteHost
remccoss2023.duckdns.org:4576
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
registros.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-E5ZBB0
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Capturas de pantalla
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
sostener.vbs
-
Size
159KB
-
MD5
bddd8601fde69d9376fec504ee5c812a
-
SHA1
a0e6e03bc0ffdfa06535e2c6ce501e8037e1b331
-
SHA256
135bda295f096086b57df4c66f9edc207b01d7792c16b808039f8fa64e9eecf1
-
SHA512
8db21dbff6bc24647092eac6909a7962c182fe1970d8a9e57c922959061e750914485319594e74099599e4b619f4700a4b332cf84b071b09683bf46e048c5e9f
-
SSDEEP
192:m2aql0M+pOo8nOncu1IbNyUWDcavU5VvJlZcHh2aHJlZx:fauoqGcuWUUWDNUlpapN
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-