General
Target: AUTO N° 073 DEL ACUERDO No 006 DE 2024 ABRIL 16.tar
Size: 1.1MB
Sample: 240419-pv1qasce97
MD5: 20f37b32403c86ccd2f80f0c5add9e15
SHA1: b392cc3c993f61e5e0cb31d3bf4a0bd24a452ee0
SHA256: 03837496b0c4a907c2dd47c5dbd50d24f08e90af52ad038db442c46a5b4d84c5
SHA512: 72cb3620ba271da1efe138ece626b4b798ede9568706ac4eef76b30efc684b0ea98896c066d06cd8af7a8e1135077bda1a56d0ffe905e5051c0740cd4b238edc
SSDEEP: 24576:HvLdJANPkjsp+K+nOf8e/5Hg7R8wAHy4nysYEym:HTdJgPkjhi1/5Hg7SwASzsF
Static task: static1
Behavioral task: behavioral1
  Sample: AUTO N° 073 DEL ACUERDO No 006 DE 2024 ABRIL 16.rar
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: AUTO N° 073 DEL ACUERDO No 006 DE 2024 ABRIL 16.rar
  Resource: win10v2004-20240412-en
Malware Config
Extracted
remcos
ARMAS
cada1224.con-ip.com:1997
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-Z0DI4D
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: AUTO N° 073 DEL ACUERDO No 006 DE 2024 ABRIL 16.tar
Executes dropped EXE
Loads dropped DLL
Suspicious use of NtCreateThreadExHideFromDebugger