General
Target: New PO.exe
Size: 665KB
Sample: 210106-rjqfvsqzx2
MD5: 5ad9944b195708e20ed9008a6aca905d
SHA1: 56a770ba16062100d0cb2574fe24a042718c9fbc
SHA256: 4fe8c8398a6cf30cfd7cbed590de821abdb40aa177781c43c19bdfec75308355
SHA512: a4e92e98029adb6d46a6d225d90284ec2b11c8b3763557a80c3fe8fd629cb0ccfb3f7c0570430127c6c3a3d3146c9ea73321f1ccbf6a664d3af5690c1fd6ae7d
Static task: static1
Behavioral task: behavioral1
Sample: New PO.exe
Resource: win7v20201028
Malware Config
Extracted
remcos
194.5.98.32:959
Targets
Target: New PO.exe
Uses the VBS compiler for execution
Suspicious use of SetThreadContext