General
Target: SERFINANZA_ADJUNTO_9695451573392712899247_2147161820426097673_187809811078594203505679279158_6666787508879385718216085_pdf.exe
Size: 1.1MB
Sample: 201228-t3dvz93kkj
MD5: 80d443f86ee478fdbc57527723a00ba5
SHA1: 7d56f5438cc32a1655e12021b3f74f03b4b15c73
SHA256: 483ceb8e56d7a31cab2e789ddb77c34107700904d40a0dcf60552b56a4c3e911
SHA512: f585c7fa6c4f351cb43447b4379707d2a86a4a28e43b1665647b7141ce93ff8bcaadd2b1de280bbdf59d45b12a4ba7c78d609a9aa33aa07dd91794f23bab1141
Static task: static1
Behavioral task: behavioral1
Sample: SERFINANZA_ADJUNTO_9695451573392712899247_2147161820426097673_187809811078594203505679279158_6666787508879385718216085_pdf.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: SERFINANZA_ADJUNTO_9695451573392712899247_2147161820426097673_187809811078594203505679279158_6666787508879385718216085_pdf.exe
Resource: win10v20201028
Malware Config
Extracted
remcos
databasepropersonombrecomercialideasearchwords.services:7680
Targets
Target: SERFINANZA_ADJUNTO_9695451573392712899247_2147161820426097673_187809811078594203505679279158_6666787508879385718216085_pdf.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext