General
Target: 77bae1e8054ce3da1f20b43d0040af17.exe
Size: 1.3MB
Sample: 210115-p76ew1ppax
MD5: 77bae1e8054ce3da1f20b43d0040af17
SHA1: 6ee8ea745b8afcf7ebd921720964ae8d15443a7b
SHA256: 9d61a9f459f8981483707df711e575931c3f637ec31b2befffce77d1ee486925
SHA512: 0dd0f902a274334441435a979041e3fd4ca0a9d44a1acfe3fb1fe0280e65b6e7532dde24243b86164c470f4ce6cf0c1e47363df2a59bfbd06f6252079409cb64
Static task: static1
Behavioral task: behavioral1
Sample: 77bae1e8054ce3da1f20b43d0040af17.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 77bae1e8054ce3da1f20b43d0040af17.exe
Resource: win10v20201028
Malware Config
Extracted
remcos
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu:2017
Targets
Target: 77bae1e8054ce3da1f20b43d0040af17.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext