General
- Target: atiflash_293.exe
- Size: 3.2MB
- Sample: 210111-8xvw673nk2
- MD5: e6172650b97c48b350630e67e13387d9
- SHA1: ad2a2c83d70088b1fe69adb77b8efdccb280be04
- SHA256: 3d84d2ad35397d5b2b3d482886e2a15551053e903de3fb446704754b48ffa925
- SHA512: 8a61d1a837c338f09fc21f1bb803ecb3813174015724b4bb69dc4c444086efef3e83702483dc7c41acfb0ea11cdcda7c8585eedfcff485e3c66c70ab65280ac8
Static task: static1
Behavioral task: behavioral1
Sample: atiflash_293.exe
Resource: win7v20201028
Malware Config
Extracted
remcos
94.242.206.175:5883
Targets
- Target: atiflash_293.exe
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- JavaScript code in executable
- Drops file in System32 directory