General

Target: i5TiYkAYkWJy1O8.exe
Size: 772KB
Sample: 210112-8ccg4v1c4s
MD5: e17a0488de5ca3c73672541143ee6927
SHA1: 8a4c59f81c17710e665fb3e055dc1cbd28bc8ce6
SHA256: 596479cd77e25e5d6dbf0b421afff049390813cc254ae90f86af00a10bdf6f90
SHA512: 6766459cca6b6a25902973ca210e274241841e7acd2684ccb3f362040e3dbd568f1b430d305e773e50e0ec1e5e7cd879d8f3aff7d4cc30ce0a786be58555537d
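Before acting on any of the findings below, confirm that the file you actually hold is the one the report describes; a repacked or truncated copy will score differently. The following is an added example (not part of the sandbox report or its tooling): it reads the file once, feeds all four hashers in parallel and compares every digest against the values listed above. The function names (`digests`, `verify`, `matches_report`) and the sample path passed on the command line are assumptions for this example.

```python
"""Verify a local sample against the digests a sandbox report lists.

Added example: the REPORTED values are the ones the report gives for
i5TiYkAYkWJy1O8.exe; everything else (function names, CLI usage) is
illustrative and not part of the report.
"""
import hashlib
import io
import sys

# Digests as printed in the report's General section.
REPORTED = {
    "md5": "e17a0488de5ca3c73672541143ee6927",
    "sha1": "8a4c59f81c17710e665fb3e055dc1cbd28bc8ce6",
    "sha256": "596479cd77e25e5d6dbf0b421afff049390813cc254ae90f86af00a10bdf6f90",
    "sha512": "6766459cca6b6a25902973ca210e274241841e7acd2684ccb3f362040e3dbd568f1b430d305e773e50e0ec1e5e7cd879d8f3aff7d4cc30ce0a786be58555537d",
}


def digests_of_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream with every algorithm in REPORTED in a single pass."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests(data: bytes):
    """Convenience wrapper for in-memory data (used by the tests below)."""
    return digests_of_stream(io.BytesIO(data))


def verify(data: bytes, reported=REPORTED):
    """Return {algorithm: matched?}. Any single mismatch means a different file;
    compare case-insensitively because reports and tools differ in hex casing."""
    actual = digests(data)
    return {name: actual[name] == reported[name].lower() for name in reported}


def matches_report(path, reported=REPORTED):
    """True only if the file at `path` agrees with the report on every digest."""
    with open(path, "rb") as f:
        actual = digests_of_stream(f)
    return all(actual[name] == reported[name].lower() for name in reported)


if __name__ == "__main__":
    # Usage (assumed): python verify_sample.py path/to/i5TiYkAYkWJy1O8.exe
    for p in sys.argv[1:]:
        print(p, "MATCHES report" if matches_report(p) else "DOES NOT match report")
```

Run it against the sample before importing the report's behaviour into a case; if even one algorithm disagrees, you are looking at a different artifact and the behavioural section does not apply to it.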
Static task: static1

Behavioral task: behavioral1
Sample: i5TiYkAYkWJy1O8.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: i5TiYkAYkWJy1O8.exe
Resource: win10v20201028
Malware Config

Extracted family: remcos
C2: 185.244.26.208:29100 (extracted from the sample's embedded Remcos configuration; block and hunt on this host:port pair, not only the IP)
Targets

Target: i5TiYkAYkWJy1O8.exe (772KB; MD5/SHA1/SHA256/SHA512 as listed under General above)
Score: 10/10

Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.
- Adds Run key to start application
  A value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run relaunches the referenced binary at every logon; the value data gives the on-disk path of the persisted payload.
- Suspicious use of SetThreadContext
  SetThreadContext is rarely called by legitimate software; it is the classic primitive for process hollowing and thread hijacking, where a suspended thread's instruction pointer is redirected to injected code.
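Most of the behaviours in the signature list, together with the extracted C2, map directly onto host telemetry. As an added example (not sandbox output and not part of the report), the block below replays those checks over a constructed Sysmon-style event stream: file-create events feed a "dropped files" set, so a later process start or image load from one of those paths triggers the "dropped EXE"/"dropped DLL" rules, a registry-set event under a Run key triggers the persistence rule, and a network connect to the configured endpoint triggers the C2 rule. Only the sample name and the C2 endpoint come from the report; the event fields, file paths, SID and the second "benign" connection are constructed for the example.

```python
"""Replay the report's behavioural signatures over constructed Sysmon-like events.

Added example. Field names follow Sysmon event types (1 process create,
3 network connect, 7 image load, 11 file create, 13 registry value set).
The events, paths and SID are constructed; they are not sandbox output.
"""
import re

C2_FROM_CONFIG = ("185.244.26.208", 29100)  # the endpoint in the extracted Remcos config

SAMPLE = r"C:\Users\victim\Downloads\i5TiYkAYkWJy1O8.exe"
DROPPED_EXE = r"C:\Users\victim\AppData\Roaming\remcos\remcos.exe"            # constructed path
DROPPED_DLL = r"C:\Users\victim\AppData\Local\Temp\nsk7A1B.tmp\System.dll"     # constructed path

# Constructed event stream in the order a host would emit it.
EVENTS = [
    {"EventID": 1,  "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_DLL},
    {"EventID": 7,  "Image": SAMPLE, "ImageLoaded": DROPPED_DLL},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_EXE},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\remcos",
     "Details": DROPPED_EXE},
    {"EventID": 1,  "Image": DROPPED_EXE, "ParentImage": SAMPLE},
    {"EventID": 3,  "Image": DROPPED_EXE,
     "DestinationIp": "185.244.26.208", "DestinationPort": 29100},
    {"EventID": 3,  "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},  # benign noise
]

# Matches HKCU/HKLM/HKU Run and RunOnce keys regardless of hive prefix.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
                     re.IGNORECASE)


def detect(events, c2=C2_FROM_CONFIG):
    """Return {rule_name: [indices of matching events]} for the report's signatures."""
    hits = {"adds_run_key": [], "executes_dropped_exe": [],
            "loads_dropped_dll": [], "c2_connection": []}
    dropped = set()  # paths written by any observed process, compared case-insensitively
    for i, ev in enumerate(events):
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 13 and RUN_KEY.search(ev.get("TargetObject", "")):
            hits["adds_run_key"].append(i)
        elif eid == 1 and ev["Image"].lower() in dropped:
            hits["executes_dropped_exe"].append(i)
        elif eid == 7 and ev["ImageLoaded"].lower() in dropped:
            hits["loads_dropped_dll"].append(i)
        elif eid == 3 and (ev["DestinationIp"], ev["DestinationPort"]) == c2:
            hits["c2_connection"].append(i)
    return hits


def triggered(events, c2=C2_FROM_CONFIG):
    """Sorted names of the rules that fired at least once."""
    return sorted(rule for rule, idx in detect(events, c2).items() if idx)


if __name__ == "__main__":
    for rule, idx in detect(EVENTS).items():
        print(f"{rule:22s} {'HIT' if idx else '-':4s} events={idx}")
```

Two of the report's signatures are deliberately absent here: "Reads user/profile data of web browsers" needs file-read telemetry that Sysmon does not emit by default, and "Suspicious use of SetThreadContext" is an API-level observation that only an EDR hook or the sandbox itself can see. Note also that the dropped-file correlation is order-dependent: it only flags executions and loads that occur after the write was observed, which is the same limitation a sandbox has.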