General
Target: Invoice_pdf.exe (an executable named to pass for a PDF invoice)
Size: 870KB
Sample: 210115-sqjrys3th6
MD5: 279249ce026add40ae320e48e7419dd0
SHA1: 39f75c20a9372a4b04231ca64f094a87621fa833
SHA256: ad1f07921d826970a6a6e3073a870abd32a439d3ae2fc552b7dff46eb0d5f69c
SHA512: 17ebcc0503746fe3e5869491f6306b3f3753592eb2a44ad53248b28746e0dfc17a99c17ba2494c940bdf4ba6f71c154462a1b6087bf8ae7fba510372d998f851
Static task: static1
Behavioral task: behavioral1 (sample Invoice_pdf.exe, resource win7v20201028)
Behavioral task: behavioral2 (sample Invoice_pdf.exe, resource win10v20201028)
Malware Config
Extracted family: remcos
C2 (host:port): welloff.myq-see.com:5267
Note: myq-see.com is a free dynamic-DNS domain, so the address this name resolves to can change between runs. Pivot, block and alert on the hostname rather than on a single resolved IP.
Targets
Target: Invoice_pdf.exe (870KB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
Score: 10/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence through a Run registry key; the report does not name the hive or value)
- Suspicious use of SetThreadContext (the API use that usually accompanies process hollowing or thread-hijack injection; the sandbox flags the call, not a confirmed injection)
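As an added example (not part of this sandbox report and not the sandbox's own tooling), the following Python script does the two things an analyst typically wants from this page: it checks a local file against the four digests listed under General, and it hunts DNS/proxy log lines for the C2 hostname extracted under Malware Config. The digests, hostname and port are the report's own; the log lines, their key=value format and the script filename are constructed for illustration.

```python
"""Check a file against this report's hashes and hunt logs for the Remcos C2.

Added example; the digests, hostname and port are copied from the report,
the log lines and their key=value format are constructed for illustration.
"""
import hashlib
import re
import sys
from typing import Dict, Iterable, List

# IOCs transcribed from the report above
REPORT_HASHES: Dict[str, str] = {
    "md5": "279249ce026add40ae320e48e7419dd0",
    "sha1": "39f75c20a9372a4b04231ca64f094a87621fa833",
    "sha256": "ad1f07921d826970a6a6e3073a870abd32a439d3ae2fc552b7dff46eb0d5f69c",
    "sha512": "17ebcc0503746fe3e5869491f6306b3f3753592eb2a44ad53248b28746e0dfc17a99c17ba2494c940bdf4ba6f71c154462a1b6087bf8ae7fba510372d998f851",
}
C2_HOST = "welloff.myq-see.com"
C2_PORT = 5267


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> Dict[str, str]:
    """Same digests for a file on disk, streamed so one pass reads the file."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: Dict[str, str]) -> bool:
    """True only when every digest agrees. One mismatch means a different file
    (for example a repacked variant), whatever the filename claims."""
    return all(digests.get(name) == value for name, value in REPORT_HASHES.items())


_HOST_RE = re.compile(re.escape(C2_HOST), re.IGNORECASE)
_PORT_RE = re.compile(r"\b(?:dport|dst_port|port)=%d\b" % C2_PORT)


def classify_line(line: str) -> str:
    """'c2' when the C2 hostname appears, 'port-only' when only the destination
    port is 5267 (weak on its own; review manually), otherwise 'clean'.
    myq-see.com is a dynamic-DNS domain, so the name is matched rather than
    whatever IP it resolved to during the sandbox run."""
    if _HOST_RE.search(line):
        return "c2"
    if _PORT_RE.search(line):
        return "port-only"
    return "clean"


def find_c2_hits(lines: Iterable[str]) -> List[str]:
    """Lines that reference the C2 hostname, in input order."""
    return [ln for ln in lines if classify_line(ln) == "c2"]


# Constructed DNS/proxy log lines for the example (not sandbox output).
SAMPLE_LOGS = [
    "2021-01-15T10:02:11Z dns host=WS12 qname=welloff.myq-see.com qtype=A",
    "2021-01-15T10:02:12Z conn host=WS12 dst=WELLOFF.MYQ-SEE.COM dport=5267 proto=tcp",
    "2021-01-15T10:03:40Z conn host=WS07 dst=updates.example.net dport=443 proto=tcp",
    "2021-01-15T10:04:02Z conn host=WS09 dst=10.0.0.25 dport=5267 proto=tcp",
]


if __name__ == "__main__":
    # usage: python remcos_ioc_check.py [file ...]   (hypothetical filename)
    # with no file argument, only the constructed SAMPLE_LOGS are classified
    for path in sys.argv[1:]:
        verdict = "MATCHES report" if matches_report(hash_file(path)) else "does not match"
        print(f"{path}: {verdict}")
    for line in SAMPLE_LOGS:
        print(f"{classify_line(line):9s} {line}")
```

The hash check requires all four digests to agree rather than stopping at MD5, so a collision-crafted or repacked file cannot be mistaken for this sample. The log hunt matches the hostname case-insensitively and reports a bare port-5267 destination separately as a weak indicator, since the port alone is not distinctive and the dynamic-DNS name can point at a different IP each time it is resolved.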