General
Target: ACTION2021.scr
Size: 1.4MB
Sample: 210106-8vzdnjlyfs
MD5: c6ed7e791f0c36826d3c55e196dd7bd4
SHA1: 97e94a141b7d479fd14373f724ce3232c2b0c429
SHA256: c39bdd8f7c69c3140ef920e2b1d5965310058c5fa425b871f4d7751d8291d55e
SHA512: 17b21afde88b6d4ebb2340da7fb506ee62da93172e62e8da7bd4cf505fbe0df305f65523b555b9804d938411f00571a2718ec4ca900482c264173e2a42121a4f
Static task: static1
Behavioral task: behavioral1
  Sample: ACTION2021.scr
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: ACTION2021.scr
  Resource: win10v20201028
Malware Config
Extracted family: remcos
C2 (host:port): masters4733.sytes.net:8686
Targets
Target: ACTION2021.scr
Size: 1.4MB
Hashes: MD5, SHA1, SHA256 and SHA512 as listed under General above
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers (infostealers commonly harvest stored browser data such as saved credentials, cookies and session tokens)
- Adds Run key to start application (persistence through a CurrentVersion\Run autostart key)
- Suspicious use of SetThreadContext (an API commonly used by process-hollowing and RunPE-style loaders to redirect execution inside a suspended process)
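The following Python script is an added example, not part of the sandbox report. It turns the report's indicators (the file hashes, the Remcos C2 host:port from the extracted config, and the Run-key persistence signature) into a simple matcher and runs it over a few constructed log lines. The log field layouts, IP addresses and the registry value name are assumptions for illustration; only the hashes and the C2 host:port come from the report.

```python
"""Match the indicators from this Remcos sandbox report against log lines.

Added example, not part of the sandbox report. The hashes and the C2
host:port come from the report; every log line below is constructed for
illustration, and the log field layouts, IP addresses and the registry
value name are assumptions rather than observed data.
"""
import re

# Indicators taken from the report (hash comparison is case-insensitive).
FILE_HASHES = {
    "md5": "c6ed7e791f0c36826d3c55e196dd7bd4",
    "sha1": "97e94a141b7d479fd14373f724ce3232c2b0c429",
    "sha256": "c39bdd8f7c69c3140ef920e2b1d5965310058c5fa425b871f4d7751d8291d55e",
}
KNOWN_HASHES = set(FILE_HASHES.values())
C2_HOST = "masters4733.sytes.net"
C2_PORT = 8686

# 32/40/64-character hex runs (MD5/SHA1/SHA256) delimited by word boundaries,
# so a SHA256 does not also yield spurious 32- or 40-character sub-matches.
HEX_RE = re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b")
# Port written as "host:8686", "dport=8686" or "port=8686".
C2_PORT_RE = re.compile(rf"(?::|port=){C2_PORT}\b")
# Run / RunOnce autostart keys; the report names the key, not the value written.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\b", re.IGNORECASE)


def match_line(line: str) -> list[str]:
    """Return the indicator categories that fire on a single log line."""
    hits = []
    if any(tok.lower() in KNOWN_HASHES for tok in HEX_RE.findall(line)):
        hits.append("file_hash")
    lower = line.lower()
    if C2_HOST in lower:
        # A DNS lookup alone is weaker evidence than a connection on the C2 port.
        hits.append("c2_host_port" if C2_PORT_RE.search(lower) else "c2_host")
    if RUN_KEY_RE.search(line):
        hits.append("run_key")
    return hits


def scan(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Return (1-based line number, categories) for every line with a hit."""
    return [(n, hits) for n, line in enumerate(lines, 1) if (hits := match_line(line))]


# Constructed log lines (assumed formats and values; not from the report).
SAMPLE_LOG = [
    "2021-01-06T10:02:11Z dns query=masters4733.sytes.net type=A client=10.0.0.14",
    "2021-01-06T10:02:12Z fw action=allow src=10.0.0.14 dst=203.0.113.55 dport=8686 "
    "proto=tcp host=masters4733.sytes.net",
    r"2021-01-06T10:01:58Z edr event=process_create image=C:\Users\jdoe\Downloads\ACTION2021.scr "
    "sha256=C39BDD8F7C69C3140EF920E2B1D5965310058C5FA425B871F4D7751D8291D55E",
    r"2021-01-06T10:02:05Z edr event=registry_set "
    r"key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run value=constructed_name",
    "2021-01-06T10:03:00Z dns query=www.example.com type=A client=10.0.0.14",
    r"2021-01-06T10:03:10Z edr event=process_create image=C:\Windows\notepad.exe "
    "sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(hits)}")
```

The matcher distinguishes a bare DNS lookup of the C2 host from a connection that also carries the configured port, since the latter is the stronger signal for triage; hashes are normalised to lower case before comparison because EDR products differ in how they render them.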