General
-
Target
d754c23ac2b3c2fc55c6debcb9ce7245a36ba569b1a676274f6c90e1492cc497
-
Size
4.2MB
-
Sample
241031-bgaeastrey
-
MD5
1e8e0e1c2376471f15e86b1542781577
-
SHA1
8e4b1740d5bebd1105d62e9fab2303ad5ef23315
-
SHA256
d754c23ac2b3c2fc55c6debcb9ce7245a36ba569b1a676274f6c90e1492cc497
-
SHA512
3d06379b0ad5bc2160ea6b912cf709790ea908116206f56599b0f85cd71e22e7cb6e550915926555842c5d2070bb94e4f93943d9a05e6e06af9c28689d762f87
-
SSDEEP
98304:PHDYssiPRhINnq95FoHVBG333TiMBOWb7/:Hs9q95YVBwRJv
Static task
static1
Behavioral task
behavioral1
Sample
d754c23ac2b3c2fc55c6debcb9ce7245a36ba569b1a676274f6c90e1492cc497.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
d754c23ac2b3c2fc55c6debcb9ce7245a36ba569b1a676274f6c90e1492cc497.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
remcos
VERDES
comunion992.linkpc.net:3019
-
audio_folder
MicRecords
-
audio_path
ApplicationPath
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
registros.dat
-
keylog_flag
false
-
keylog_folder
datos
-
mouse_option
false
-
mutex
jefwwoboewfpmefi-FDODC3
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Capturas de pantalla
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
Score
10/10
-
Remcos family
-
Adds Run key to start application
-