General

Target: PAYMENT-REFUND-DOCUMENTS-00J-0S3.exe
Size: 185KB
Sample: 210108-ngvwq2xjme
MD5: 9675e29f6b3a62d160fdbaafbf52c1fc
SHA1: 682a434049de220e4dd248163565f1e89689f103
SHA256: e7c74f89332dcf4bf0ebaa50d960a8c82a521ca2c9608ecbb13e719e9744b5ca
SHA512: 12e7e5e4942852af0f903f299a5a7e34ef00baf3469fdc178faa26df42db3f6180f1fb0da6cd2574620aa94b3e8a893368de2ae4430bc2d1804360e3c783a6bb
Static task: static1

Behavioral task: behavioral1
Sample: PAYMENT-REFUND-DOCUMENTS-00J-0S3.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: PAYMENT-REFUND-DOCUMENTS-00J-0S3.exe
Resource: win10v20201028
Malware Config

Extracted family: remcos
C2: www.drgarerd.eu:2404
Targets

Target: PAYMENT-REFUND-DOCUMENTS-00J-0S3.exe
Size: 185KB
MD5: 9675e29f6b3a62d160fdbaafbf52c1fc
SHA1: 682a434049de220e4dd248163565f1e89689f103
SHA256: e7c74f89332dcf4bf0ebaa50d960a8c82a521ca2c9608ecbb13e719e9744b5ca
SHA512: 12e7e5e4942852af0f903f299a5a7e34ef00baf3469fdc178faa26df42db3f6180f1fb0da6cd2574620aa94b3e8a893368de2ae4430bc2d1804360e3c783a6bb

Score: 10/10

Signatures:
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext