General
Target
77f25549a1a3f0bc29ca746125f0ad306418ee9699c1b7cd57c36d29488134d2
Size
337KB
Sample
201109-2rsy5sfvcx
MD5
54be0c733c2f2ec0d17da28bd5f5d229
SHA1
2018ec1b9b4040d304d76ae8e0cb66edc0c5ce50
SHA256
77f25549a1a3f0bc29ca746125f0ad306418ee9699c1b7cd57c36d29488134d2
SHA512
f259c6f49c680afa464b0b7c341ca90fc33b28fcb219cf8d75eb36f9592975973751bef476d7332e6d4c4473cd60779f5c5b62f41db83816079a2e5559578721
Static task
static1
Behavioral task
behavioral1
Sample
77f25549a1a3f0bc29ca746125f0ad306418ee9699c1b7cd57c36d29488134d2.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
77f25549a1a3f0bc29ca746125f0ad306418ee9699c1b7cd57c36d29488134d2.exe
Resource
win10v20201028
Malware Config
Extracted
remcos
servr.killifabuse1.xyz:8643
Targets
Target
77f25549a1a3f0bc29ca746125f0ad306418ee9699c1b7cd57c36d29488134d2
Score
10/10
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext