General
Target: formulario_agendamiento_citas2.zip
Size: 9.4MB
Sample: 240826-1chbsawepe
MD5: 494b601e0b3932fab0ef22ed91c77278
SHA1: 754241d8fe6c8fffffb99bf5250258a56d52d4b3
SHA256: b4fcc0bb3fc8beba9218d058298ca32302b89f31252f04cca4f640841866db62
SHA512: d269ccbe8a4e08f731d7ce880d7917f7f829e9668a14a8009f83a690fcc9894e60903d44c9a4710c5655e1fb281d541293f9d6ed6d1fb8df9ccdbd6992289305
SSDEEP: 98304:6RrYyhm/Ngv88ZSN3YX/6GdBuj+EgKj3k0mNkgb3S6B4wa36YxA+7p0Zgci:mu/Nn8oCza+EDk0m+4S6B4Vvy+FTci
Static task: static1
Behavioral task: behavioral1
Sample: formulario_agendamiento_citas2.msi
Resource: win7-20240708-es
Behavioral task: behavioral2
Sample: formulario_agendamiento_citas2.msi
Resource: win10v2004-20240802-es
Malware Config
Extracted
remcos
MARZO 18 MUCHACHA
imaxatmonk.imaxatmonk.com:2204
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: Acobatlg.exe
copy_folder: edqelofh
delete_file: false
hide_file: true
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: true
keylog_file: logs.dat
keylog_flag: false
keylog_folder: colrahfc
mouse_option: false
mutex: imaxmontsk-FYKXFK
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target
formulario_agendamiento_citas2.zip
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-