General

Target: a3a675373e72c1f35bc333f988a3b754.exe
Size: 5.0MB
Sample: 210117-734nv1a612
MD5: a3a675373e72c1f35bc333f988a3b754
SHA1: 9c86091fb649b59959b2f3d8eccfca26e6b2c78a
SHA256: 999c9e17b0d164a69bb0224a1231420577b2a4283579e59572f90c32d4daade2
SHA512: 7e973d147bb0f0ba1f85c855cd531a78b3198fb90dd5c43f4b0765a72a5e75819c0954b99e158327eeba4645e07454e8505f34a159c73deb256f71c00ffdcbd2
Static task: static1

Behavioral task: behavioral1
Sample: a3a675373e72c1f35bc333f988a3b754.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: a3a675373e72c1f35bc333f988a3b754.exe
Resource: win10v20201028
Malware Config

Extracted family: remcos
C2: ezisec.duckdns.org:2929
C2: 38.68.53.190:2929
Targets

Target: a3a675373e72c1f35bc333f988a3b754.exe
Size: 5.0MB
MD5: a3a675373e72c1f35bc333f988a3b754
SHA1: 9c86091fb649b59959b2f3d8eccfca26e6b2c78a
SHA256: 999c9e17b0d164a69bb0224a1231420577b2a4283579e59572f90c32d4daade2
SHA512: 7e973d147bb0f0ba1f85c855cd531a78b3198fb90dd5c43f4b0765a72a5e75819c0954b99e158327eeba4645e07454e8505f34a159c73deb256f71c00ffdcbd2
Score: 10/10

Signatures:
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
Adds Run key to start application
Suspicious use of SetThreadContext