General
- Target: 11a7d2f2722df45e01851eb75765dbcb21f70ea9c8f89f58b9e8ccacda92cc83
- Size: 257KB
- Sample: 201109-drw65sz3xs
- MD5: 6546310491f91536d50a4afec31d29ad
- SHA1: fe52fb147856063236b35cfc44109c433c4f80c3
- SHA256: 11a7d2f2722df45e01851eb75765dbcb21f70ea9c8f89f58b9e8ccacda92cc83
- SHA512: 79c52bf52ffa8d35822e9c9496391d3325c44a723e1036dc5bc9ac40769fdecb0abb000db0ff7bf95bf1b51166449540ede564c4902530a07ae1c0319877cfed
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 11a7d2f2722df45e01851eb75765dbcb21f70ea9c8f89f58b9e8ccacda92cc83.exe
  - Resource: win7v20201028

Behavioral task
- behavioral2
  - Sample: 11a7d2f2722df45e01851eb75765dbcb21f70ea9c8f89f58b9e8ccacda92cc83.exe
  - Resource: win10v20201028

Malware Config
- Extracted: remcos
  - vuelta2020.ddns.net:7373
Targets
- Target: 11a7d2f2722df45e01851eb75765dbcb21f70ea9c8f89f58b9e8ccacda92cc83
- Size: 257KB
- MD5: 6546310491f91536d50a4afec31d29ad
- SHA1: fe52fb147856063236b35cfc44109c433c4f80c3
- SHA256: 11a7d2f2722df45e01851eb75765dbcb21f70ea9c8f89f58b9e8ccacda92cc83
- SHA512: 79c52bf52ffa8d35822e9c9496391d3325c44a723e1036dc5bc9ac40769fdecb0abb000db0ff7bf95bf1b51166449540ede564c4902530a07ae1c0319877cfed
- Score: 10/10
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Suspicious use of SetThreadContext