General
-
Target
PO-scandocumentsfile00108392.exe
-
Size
851KB
-
Sample
210115-lwteqraxrs
-
MD5
ed01719e79f8008d4ede16e7edff753a
-
SHA1
9929ccd810f335d2d2b84e7ba519940bb9f58fe8
-
SHA256
a7ada9eefa9c775d0215af6bc497e305f8067290f5e9642e582c6d4c3ec65756
-
SHA512
188adc96dbef43ddc4f110958bf68920288a0b9759317a473e78e146bd302ace63de73da93ec9e644e3526ed9d69472a47ac178e6e3d84ea93ccf21a5a3fab90
Static task
static1
Behavioral task
behavioral1
Sample
PO-scandocumentsfile00108392.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
PO-scandocumentsfile00108392.exe
Resource
win10v20201028
Malware Config
Extracted
remcos
www.maneediem.com:2404
Targets
-
-
Target
PO-scandocumentsfile00108392.exe
-
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-