General
Target
Kerenl.sfx.exe
Size
5.7MB
Sample
210112-rfx7e7tfan
MD5
d5018dc7250488f8b343d9df033ad608
SHA1
a193808381174ce1b46f86ea4e768926f75f6347
SHA256
d9165452d3a756f74bdc02fdc8477460abe31bcfa850f2211588e10dd0b1e084
SHA512
e285a4a3f7aebe68acdc086e3e988dd09ca0af2ff029d5ec145cd668352f44b668d62bb387642ea7d2ae5edfba426ced0d38a1872adf529309a2564a4b08db7e
Static task
static1
Behavioral task
behavioral1
Sample
Kerenl.sfx.exe
Resource
win7v20201028
Malware Config
Extracted
remcos
5.45.87.29:8000
Targets
Target
Kerenl.sfx.exe
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL