General
Target: SecuriteInfo.com.Generic.mg.8a16967ee620b6d5.22788
Size: 1.3MB
Sample: 210115-rclnyws69e
MD5: 8a16967ee620b6d50578ec90143e9b88
SHA1: 8b3ab5b20d8fbcb5c5428768c7e3fe8f3a954a8f
SHA256: f64dfe37f4518739d7d31f0a81cc8a126d6766ca16039b3f80a50495efd6d765
SHA512: f0fe9ee56e17ef17fc0a1fb70f6f37946f93fc4ad0d2eb9bb9ade5429ace6a027e5a4fa5ee6a993de7474f7106e45a6543d9e3adf98a63d002e75c447b1869d1
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Generic.mg.8a16967ee620b6d5.22788.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Generic.mg.8a16967ee620b6d5.22788.exe
  Resource: win10v20201028
Malware Config
Extracted: remcos
  wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996
Targets
Target: SecuriteInfo.com.Generic.mg.8a16967ee620b6d5.22788
Size: 1.3MB
MD5: 8a16967ee620b6d50578ec90143e9b88
SHA1: 8b3ab5b20d8fbcb5c5428768c7e3fe8f3a954a8f
SHA256: f64dfe37f4518739d7d31f0a81cc8a126d6766ca16039b3f80a50495efd6d765
SHA512: f0fe9ee56e17ef17fc0a1fb70f6f37946f93fc4ad0d2eb9bb9ade5429ace6a027e5a4fa5ee6a993de7474f7106e45a6543d9e3adf98a63d002e75c447b1869d1
Score: 10/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext