General
Target: VALI URGE No FVE 9548 ABRIL 10 DEL 2024.tar
Size: 21.7MB
Sample: 240410-zx2eqaee8t
MD5: 105e34480e40d30724c59721e93ddfac
SHA1: e473a34e9c14bff3599d1be6d56c768025e15441
SHA256: 5008e38b7877d9c70a4fd7c48b2b3f6a4b9967ead50e91eff4a5deb59e7d95ff
SHA512: 6c3efc8372009af5508d0900e87203acb71b2d880c5f72b87860fcdcb149b753a5ae61373175d95689a6618c7c0d7a416e93f7910ba0516bc6bcd68dc689adf0
SSDEEP: 393216:gkq5tRLwvFGAmn/T9DvmEwiixLLVEYaVyDxppRwFK3q5hNBqY5H/5RLlc95rIo:gkqn2NG7T96B2VyVpTw15hNUY895r1
Static task: static1
Behavioral task: behavioral1
  Sample: VALI URGE No FVE 9548 ABRIL 10 DEL 2024.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: VALI URGE No FVE 9548 ABRIL 10 DEL 2024.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: remcos
BENDECIDO
limpios.con-ip.com:1991
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-9MWYZO
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: VALI URGE No FVE 9548 ABRIL 10 DEL 2024.exe
Size: 70.2MB
MD5: a9b2503d832d58655c38082c52ce6a73
SHA1: b1797fd85f8d8c2f11274747565ed41be5900cd5
SHA256: 95aa22d791731eee133ea016387abc2fe02547643e50328ad2cd0464104ccd20
SHA512: e35f5d823cd7205304f1969a53b06e36727d3366d3b4d54e54295e2368612c0e01e8398e9096727226de3737a5f028ae29e5ef9cdfe2d72c2dba8bd7c87c908b
SSDEEP: 1572864:x5w5eNmll2Ca9N41CGwqxRXL/A3mGmkAOTIJsbXCt2X3M8VXDs09Dl:LYqV5
Score: 10/10
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger