General
Target: RFQ TK011521.exe
Size: 773KB
Sample: 210115-yrbbsvwhea
MD5: 1b82291a598a2e1a2b6c6db774ddb5ea
SHA1: a4fa0d9d5a3ec8041d84eb4ca541e3e49833bc8c
SHA256: 4cd823b02efc3aaf62baa4f4e9c252ae487d969c887fe2a72291ad2e69359cac
SHA512: 6488bfca54881950ab06185e1aea997b6ed4a0c93e841dbe4e14e364b1f23d0deb68b5e4a71394fc63fe54c94a5792eae4d4d6a42a9adaf9f728f112e66cd470
Static task: static1
Behavioral task: behavioral1
Sample: RFQ TK011521.exe
Resource: win7v20201028
Malware Config
Extracted
remcos
jackpiaau.duckdns.org:4902
ihechi.ddns.net:4902
Targets
Target: RFQ TK011521.exe
Uses the VBS compiler for execution
Suspicious use of SetThreadContext