General
-
Target
QUOTATION 21 11 2020.exe
-
Size
906KB
-
Sample
201121-4rfpgm5kqa
-
MD5
be2f5670427369fb1d7bf50e32e60f06
-
SHA1
88412c7f107c686619ec61cec8662861744e455d
-
SHA256
61248c209119bd790c6ad906dd9d12e7a03455c2b2f6e4b7d1432aed6ae92439
-
SHA512
d556aebfb5e9d6225ef2d5e08e6ce7310e40895bf9b08f38df95e1a96e4cc4a01f0d087cacddbb3e067abc8b5296b11793ce6ae77dc48f4a924754bd06f71ef8
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATION 21 11 2020.exe
Resource
win7v20201028
Malware Config
Extracted
remcos
185.140.53.197:1011
Targets
-
-
Target
QUOTATION 21 11 2020.exe
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-