General
Target: Quotation.exe
Size: 163KB
Sample: 210115-64vn3zaz6x
MD5: 5d3efb4803c5ec263edc87d268c6035b
SHA1: d16a17af079d759e90f6fbb955455e00dd5d6df6
SHA256: 6a9beed2218eb04e929a87b8e1e1fb1f5d3197136c96b434e82f9dd62e71233c
SHA512: 1ed1da2650690e98aa10c498f8bba6562169a54bcb28a7cad53818c1f077de777de7d4888a4da8ef7a4c5a0b31d11b52357f01749ec51f391f46e17fc2045913
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Quotation.exe
Resource: win10v20201028
Malware Config
Extracted
remcos
whatgodcannotdodoestnotexist.duckdns.org:2889
Targets
Target: Quotation.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext