General
Target: DHL 3374687886,PDF.exe
Size: 973KB
Sample: 210113-5q9xpj2z4j
MD5: 01856ddc0973cc04929480b93139ffa5
SHA1: c204a09386374da5924ace3f928e33d89f54d4d2
SHA256: 7c7f99d2b695777b5809dcee0723304b77a06ea8c72ec8a9e0967e4d8584d585
SHA512: 499951d507d49ae69ea1c6206575e1a14ee5cbf1bf5c6fc2099da858276721cb9efb67454f40790c69b09b8b419f8a1869234c1b983721a5fea99ec62c4a0386
Static task: static1
Behavioral task: behavioral1
  Sample: DHL 3374687886,PDF.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: DHL 3374687886,PDF.exe
  Resource: win10v20201028
Malware Config
Extracted: remcos
  favour2021.ddns.net:1990
Targets
Target: DHL 3374687886,PDF.exe
Size: 973KB
MD5: 01856ddc0973cc04929480b93139ffa5
SHA1: c204a09386374da5924ace3f928e33d89f54d4d2
SHA256: 7c7f99d2b695777b5809dcee0723304b77a06ea8c72ec8a9e0967e4d8584d585
SHA512: 499951d507d49ae69ea1c6206575e1a14ee5cbf1bf5c6fc2099da858276721cb9efb67454f40790c69b09b8b419f8a1869234c1b983721a5fea99ec62c4a0386
Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext