General
Target: 11072024_0801_11072024_Factura32589102675661702066098721813514290110013813751186178887533940556.7z
Size: 503KB
Sample: 240711-jwqntszamb
MD5: a213603c387c90f748ed63b92a9e179c
SHA1: 6c3f35bba64357e8de77b5d72e6c65547552b167
SHA256: 89b3b369e3b07ecf9cf72de6708fe585619bdc7a1ac0d9552b8573e6384649ae
SHA512: d7b60fd998b45357e538afb23c846b607f20174e807ab3a435b35bb82a39b75bbc4a21ceed6a57c9630e9b12ff05d184821ae6053e6176aa815975348714bef2
SSDEEP: 12288:TP6ShDXAN2LDJHe7Exom3akIBb6L7BA3er978GXjBQE:zvhLAuD2Bm3cxu5oGz9
Static task: static1
Behavioral task: behavioral1
Sample: Factura32589102675661702066098721813514290110013813751186178887533940556.exe
Resource: win7-20240704-en
Malware Config
Extracted
remcos
Start
185.196.9.78:24041
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: log.dat
keylog_flag: false
keylog_folder: System01
mouse_option: false
mutex: Rmcxyz1-AEDW2I
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: Factura32589102675661702066098721813514290110013813751186178887533940556.exe
Size: 235.0MB
MD5: fa51063cb831d7c093e72de83d927e09
SHA1: 3235fc94c49d40ac1674d526bd84121f59064928
SHA256: d2c2eb711a020d0941c2d24d03db3d1b0bdfbc2399ce795aa1d00997ef9bc6a2
SHA512: b2920aee0c91950f50e88411d57182dd895cbf31b7518e2f8a110c0a8f65cfcf1ec9b9f63b3d2765694c44a71fba005c69947ccdfb1cacffc3e36ffb1241073f
SSDEEP: 12288:alQGCoTPUMMucemBbNp68Muq1nnv3nhGvyq1slToG:alnMTBbSZBnv3REsNn
Executes dropped EXE
Uses the VBS compiler for execution
Suspicious use of SetThreadContext