General
Target: Request ## HMI 8130-3##.pdf.exe
Note: the name carries a double extension (.pdf.exe), a PDF-looking lure that is in fact a Windows executable; with extensions hidden in Explorer the user sees "Request ## HMI 8130-3##.pdf".
Size: 1013KB
Sample: 210111-wdfz8bf44e
MD5: d91456035c9e48c7b8da1ebcd4d6cdbc
SHA1: 65fae97ec1480deb5421bc967e316ce10977c9db
SHA256: 059ac87b5d6736721984e912bc0dcca50506fba170787b6aedb85e94b9683642
SHA512: 8b614bb9b11fda452a39a8a86ddcd1d82d285f329063a8d4755fc1b6c0e46f92b9c7a79641f60ed4739fe4203b5a7e2fdeda9ee45e3cf0960c17b4ee9e6a9731
Static task: static1
Behavioral task: behavioral1 (Sample: Request ## HMI 8130-3##.pdf.exe; Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: Request ## HMI 8130-3##.pdf.exe; Resource: win10v20201028)
Malware Config
Extracted family: remcos
C2: richiealvin2021.duckdns.org:1989
The extracted configuration identifies the payload as Remcos, a commercially sold remote-access tool that is widely abused as a RAT, with its C2 on a DuckDNS dynamic-DNS hostname and TCP port 1989. Because the hostname is dynamic DNS, the IP it resolves to can change at any time; the hostname and port, not any single resolved address, are the durable network indicators.
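The indicators above (file hashes, C2 hostname and port) turned into a reusable triage check, as an added example that is not part of the sandbox report. The hashes and C2 host:port are copied from the report; the DNS and connection log lines at the bottom are constructed for illustration and are not data captured from this sample. The double-extension check generalises the lure seen in the target filename to other document/executable suffix pairs.

```python
# Added example (not part of the sandbox report): turn the indicators above into
# a reusable check. The hashes and C2 host:port are copied from the report; the
# DNS and connection log lines used below are constructed for illustration and
# are not data captured from this sample.
import hashlib
import re

C2_HOST = "richiealvin2021.duckdns.org"   # from the extracted Remcos config
C2_PORT = 1989

# Hashes of the submitted file, as listed in the report above.
SAMPLE_HASHES = {
    "md5": "d91456035c9e48c7b8da1ebcd4d6cdbc",
    "sha1": "65fae97ec1480deb5421bc967e316ce10977c9db",
    "sha256": "059ac87b5d6736721984e912bc0dcca50506fba170787b6aedb85e94b9683642",
    "sha512": "8b614bb9b11fda452a39a8a86ddcd1d82d285f329063a8d4755fc1b6c0e46f92b9c7a79641f60ed4739fe4203b5a7e2fdeda9ee45e3cf0960c17b4ee9e6a9731",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for in-memory data."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so large samples are not read whole."""
    hashers = {algo: hashlib.new(algo) for algo in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matching_algorithms(digests: dict) -> list:
    """Return which of the report's hashes `digests` agrees with (any match = same file)."""
    return [algo for algo, known in SAMPLE_HASHES.items()
            if digests.get(algo, "").lower() == known]


def is_double_extension_lure(filename: str) -> bool:
    """Flag names like 'x.pdf.exe': a document-looking suffix hiding an executable one."""
    parts = filename.lower().rsplit(".", 2)
    return (len(parts) == 3
            and parts[1] in {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
            and parts[2] in {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"})


DNS_RE = re.compile(r"client=(?P<client>\S+) query=(?P<name>\S+)")
CONN_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def c2_hits(dns_lines, conn_lines) -> list:
    """Flag hosts that resolved the C2 name, then their connections to the C2 port.

    The port alone is a weak indicator (1989 is not reserved for anything), so a
    connection is only flagged for a client first seen resolving the DuckDNS name.
    """
    hits, resolvers = [], set()
    for line in dns_lines:
        m = DNS_RE.search(line)
        if m and m.group("name").lower().rstrip(".") == C2_HOST:
            resolvers.add(m.group("client"))
            hits.append(("dns", m.group("client"), line))
    for line in conn_lines:
        m = CONN_RE.search(line)
        if m and m.group("src") in resolvers and int(m.group("dport")) == C2_PORT:
            hits.append(("connect", m.group("src"), line))
    return hits


# Constructed sample logs (not captured from this sample's sandbox run).
DNS_LOG = [
    "2021-01-11T10:02:31Z client=10.0.0.17 query=richiealvin2021.duckdns.org type=A",
    "2021-01-11T10:02:35Z client=10.0.0.21 query=update.example.net type=A",
]
CONN_LOG = [
    "2021-01-11T10:02:33Z src=10.0.0.17 dst=203.0.113.5 dport=1989 proto=tcp",
    "2021-01-11T10:02:36Z src=10.0.0.21 dst=203.0.113.9 dport=1989 proto=tcp",  # no DNS hit: ignored
    "2021-01-11T10:02:40Z src=10.0.0.17 dst=203.0.113.9 dport=443 proto=tcp",
]

if __name__ == "__main__":
    print(matching_algorithms(SAMPLE_HASHES))
    print(is_double_extension_lure("Request ## HMI 8130-3##.pdf.exe"))
    for hit in c2_hits(DNS_LOG, CONN_LOG):
        print(hit)
```

Matching on any one of the four digests is enough to identify the file; the sandbox lists all four so the result can be compared with whichever algorithm a given EDR or proxy log records.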
Targets
Target: Request ## HMI 8130-3##.pdf.exe (the same file as in General above: 1013KB, MD5 d91456035c9e48c7b8da1ebcd4d6cdbc, SHA256 059ac87b5d6736721984e912bc0dcca50506fba170787b6aedb85e94b9683642)
Score: 10/10
Signatures triggered:
- Executes dropped EXE: a file written to disk during the run was then started as a process.
- Loads dropped DLL: a library written to disk during the run was loaded into a process.
- Uses the VBS compiler for execution: the Visual Basic .NET compiler (vbc.exe) was launched; .NET loaders commonly start a framework binary like this as the host for an injected payload.
- Adds Run key to start application: a value under Software\Microsoft\Windows\CurrentVersion\Run was written, giving the payload persistence at logon.
- Suspicious use of SetThreadContext: the thread context of another process was rewritten, the step that redirects execution into an injected image in process hollowing (RunPE).
Taken together these are consistent with the usual unpack, inject and persist chain of a Remcos loader; the dropped files, the hollowed host process and the Run key value are the host-based artifacts to collect alongside the C2 hostname above.
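The five behavioral signatures above re-implemented as rules over a simplified event stream, as an added example that is not part of the sandbox report or the sandbox's own signature code. The event model and the trace at the bottom are constructed to illustrate the logic (the file names, PIDs and the Run value name "Updater" are placeholders); they are not this sample's actual trace, and the sandbox's real rules are richer than this.

```python
# Added example (not part of the sandbox report): the five behavioral signatures
# listed above, re-implemented as rules over a simplified process/file/registry/API
# event stream. The event model and the events at the bottom are constructed to
# illustrate the logic; they are not this sample's actual trace.
from dataclasses import dataclass
import ntpath


@dataclass
class Event:
    kind: str            # file_write | process_create | image_load | reg_set | api_call
    pid: int             # process that performed the action (or was created)
    path: str = ""       # file written, image started, or DLL loaded
    key: str = ""        # registry key, optionally with value name (reg_set)
    name: str = ""       # API name (api_call)
    target_pid: int = 0  # process acted upon (api_call)


# Autostart keys; matched as path components so "RunServicesOnce" etc. do not match.
RUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)


def evaluate(events):
    """Return (signature, pid, detail) for every rule that fires, in event order."""
    dropped = set()  # normalised paths of files written earlier in the trace
    hits = []
    for e in events:
        p = e.path.lower()
        if e.kind == "file_write":
            dropped.add(p)
        elif e.kind == "process_create":
            if p in dropped:
                hits.append(("Executes dropped EXE", e.pid, e.path))
            if ntpath.basename(p) == "vbc.exe":
                hits.append(("Uses the VBS compiler for execution", e.pid, e.path))
        elif e.kind == "image_load" and p in dropped and p.endswith(".dll"):
            hits.append(("Loads dropped DLL", e.pid, e.path))
        elif e.kind == "reg_set":
            key_l = e.key.lower() + "\\"
            if any(k + "\\" in key_l for k in RUN_KEYS):
                hits.append(("Adds Run key to start application", e.pid, e.key))
        elif (e.kind == "api_call" and e.name == "SetThreadContext"
              and e.target_pid and e.target_pid != e.pid):
            # Rewriting a thread context in *another* process is the hollowing step;
            # debuggers do this legitimately, hence "suspicious" rather than "malicious".
            hits.append(("Suspicious use of SetThreadContext", e.pid, e.target_pid))
    return hits


# Constructed trace (placeholder paths and PIDs, not the sample's real behaviour).
DROPPER = r"C:\Users\user\Desktop\Request ## HMI 8130-3##.pdf.exe"
STAGE2 = r"C:\Users\user\AppData\Local\Temp\stage2.exe"
HELPER = r"C:\Users\user\AppData\Local\Temp\helper.dll"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

TRACE = [
    Event("process_create", pid=1000, path=DROPPER),   # nothing dropped yet: no hit
    Event("file_write", pid=1000, path=STAGE2),
    Event("process_create", pid=1100, path=STAGE2),    # Executes dropped EXE
    Event("file_write", pid=1100, path=HELPER),
    Event("image_load", pid=1100, path=HELPER),        # Loads dropped DLL
    Event("reg_set", pid=1100,
          key=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event("process_create", pid=1200, path=VBC),       # Uses the VBS compiler
    Event("api_call", pid=1100, name="SetThreadContext", target_pid=1200),
]

if __name__ == "__main__":
    for sig, pid, detail in evaluate(TRACE):
        print(f"[{pid}] {sig}: {detail}")
```

The "dropped" rules depend on ordering: the executable and DLL only count once a write to that path has been seen earlier in the same trace, which is why the dropper's own start does not fire and why event streams fed to rules like these must be sorted by time.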