General
Target
DHL AWD 3374687886,pdf.exe
Size
902KB
Sample
210115-3qpr8xbwr6
MD5
1a5c59aeb8ec99b73bc89056e63805c0
SHA1
25602dcef8fb46b22e954f225483f3e3617a0261
SHA256
3b1b352f3c4d0fe235b45d9db418e1e4155ab31265ee368ed646ac38071a2eda
SHA512
a021ff6a08bf44ec06c8e884d2dca83eb161a86e8a8b638a19274e8900746a63a8219271f030c336eb3db61d8765da60a853a21785ef35ec4314f81bcd130a6c
Static task
static1
Behavioral task
behavioral1
Sample
DHL AWD 3374687886,pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
DHL AWD 3374687886,pdf.exe
Resource
win10v20201028
Malware Config
Extracted
remcos
favour2021.ddns.net:1990
Targets
Target
DHL AWD 3374687886,pdf.exe
Score
10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext