Extracted

• • Target

    2019-2020_SOA_Payment_31 Dec2020.xlsx

  • Size

    2.4MB

  • MD5

    efc08164cb9e834339a486bdcaa78b51

  • SHA1

    73e218959d5039108e9654cf30cc227651a6ca7f

  • SHA256

    7aa3b9727e3020c3dfcb4b168cf914e3c98f568cf70ba6b753f8697266abfada

  • SHA512

    1a90236792281d82617fb6ba5aa3d148d038a9ede27446bad5dd7e60f2e298742cd149257ecdbb0f07c4a9ed31eb2c539ee5dbb5bd1c0e91a0e4a656af344faa

  Score

  10^/10

  remcospersistencerat

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2