General
Target
Shipping Document PL&BL003534,pdf.exe
Size
675KB
Sample
210106-2lqcmcdhjs
MD5
35d3f86c5715649c8a4273e6a52b0b54
SHA1
cebda0a60751e95d44bf19522c0f315595c47f51
SHA256
aeb1aab3be5b90cb85bfe28f0e092c83fee4a742a9cda7b0d8a6e464e6fa7342
SHA512
b3cec30f5f79de0a31943160687c92d5304f837a8c1de852b5f08682db1c8de1a4f44c13a92c6a37cc34bd842c2d7ebf219501ce52bca0c6a785a93d7dd5a9f4
Static task
static1
Behavioral task
behavioral1
Sample
Shipping Document PL&BL003534,pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Shipping Document PL&BL003534,pdf.exe
Resource
win10v20201028
Malware Config
Extracted
remcos
blessings2021.ddns.net:2021
Targets
Target
Shipping Document PL&BL003534,pdf.exe
Score
10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext