General
Target: formulario_agendamiento_citas.zip
Size: 3.9MB
Sample: 240524-zpd98aba69
MD5: c35b67f0e01d537c2d30391c6c010adc
SHA1: 937a5e4e40461c5f1c7af057b03b7578592507d8
SHA256: 278cc9fc0f5b2c94055904ab3fad6460f84a6b19eafdfe74f4516c499984159d
SHA512: 2593f8d2b433f801d41adcef2e896b2556abe6c5e4cbb220ecf27261976d8203570553c94a0610c95161bb13566e1999dfdec448f42b3eef09fbc6d5b17548a6
SSDEEP: 98304:9IrkzW2tFJK3cTSC9DtkwsMHUn+xz/Hb68n:9IgzW2PUXKtkxMHUkdn
Static task: static1
Behavioral task: behavioral1
Sample: formulario_agendamiento_citas.msi
Resource: win10-20240404-es
Malware Config
Extracted
remcos
MAYO 17 MUCHACHA
imaxatmonk.imaxatmonk.com:2204
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: Acobatlg.exe
copy_folder: edqelofh
delete_file: false
hide_file: true
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: true
keylog_file: logs.dat
keylog_flag: false
keylog_folder: corpum
mouse_option: false
mutex: umbrelid-84JUA7
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: formulario_agendamiento_citas.msi
Size: 6.4MB
MD5: 5d6aad7d24c82c436bf84f7c96d8b71e
SHA1: 15eb8ced4d32db0ca3523ff29e422fd1c30feeff
SHA256: 93ad63b02cc57ae0aa1c184a97d5ed2f5515ee2d99a222518b470ba8aa62e907
SHA512: faf8f1b85a53f886ac8cadba6c57716107f578a6b5734716750080ee72ec09c6968a2e6272074f5957612ecefd24f9634c3e19211e0639e28c047a7993ac96f3
SSDEEP: 98304:VRJYyhBR8PwaJ2A0pAC+tmJYoo/h8z91xS6G4ztg6ERGoNpR/Xs:z/R8PwWC+t8Z1xS6G4huIoNjXs
Score: 10/10
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Suspicious use of SetThreadContext