General
Target: SRBPolarisV3.5.exe
Size: 4.3MB
Sample: 210101-nzvdfp5r4n
MD5: 6513a43b7fa6d6a0536fb2fe26105dbf
SHA1: 3198b72457449f357401eafd8e944deae616fdaf
SHA256: 4c25202298f76f1598a1e169ca435b80541e1db59c542f55e1eb8e3cbf76a419
SHA512: 837c06f346cf5eb90c10f282c832e482b87855c7665fc0ba0eebb3837b5d3bd47d92e614d66517fb6f9d794b4a930b2b515d3d5140b2f43a47ad038da0ec0129
Static task: static1
Behavioral task: behavioral1
Sample: SRBPolarisV3.5.exe
Resource: win7v20201028
Malware Config
Extracted
remcos
5.61.56.10:9003
Targets
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger