General
Target
8862719d86a768b1d8363364f0382868.exe
Size
1.4MB
Sample
210113-11e4zn7ma2
MD5
8862719d86a768b1d8363364f0382868
SHA1
998e6f410a43aa618edf7c3a1a5e36abc79c6326
SHA256
495955225d3f8b7ee34f7f194685ac06621f177e25aca6bde09d038b0a2afd74
SHA512
a2f3213cf62cbed0da5bcd2ec898feaab4f374ff4fd2d50992c360f5f0b4b1f07e804d8a334174204fe700fb863125fd0dca3acce13f6c2081552ec2cbd0d0a2
Static task
static1
Behavioral task
behavioral1
Sample
8862719d86a768b1d8363364f0382868.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
8862719d86a768b1d8363364f0382868.exe
Resource
win10v20201028
Malware Config
Extracted
remcos
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu:2017
Targets
Target
8862719d86a768b1d8363364f0382868.exe
Score
10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext