General
Target: Documento AWB DHL 3374687886.exe
Size: 660KB
Sample: 210114-r358ym52rj
MD5: e4e02951e1f41618256a13b0b682f74f
SHA1: feb39ed57d123134ac15db3357ea02ea05f31b27
SHA256: db40b329c1ecea2045d4e2bc27fe712b52bbfc1d51ff1b55dcd3c8bb72258710
SHA512: c47a316c209d005fd36e4eb79a0f1965a7c6b3df1b88d3bf26b4149b77d3616e78870bd4c4fba87aa1df0fa7c9d073d02e22385417c4dd83ffb43f69229e6b10
Static task: static1
Behavioral task: behavioral1
Sample: Documento AWB DHL 3374687886.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Documento AWB DHL 3374687886.exe
Resource: win10v20201028
Malware Config
Extracted
remcos
favour2021.ddns.net:1990
Targets
Target: Documento AWB DHL 3374687886.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext