General
Target: Hendra Sagita CV.xlsx
Size: 1.6MB
Sample: 210118-1ev21y68ta
MD5: d9a813eb9a8a68214f8be31ed477c759
SHA1: 38d011ee73abc7857d443b7afb9589c43441d60b
SHA256: a098f194fe69795901a85cf320aacb6effbb5dd2546e720e3d37fd9b6ebd1856
SHA512: 1205d50b745bc93e1c9cd6c78b1c2a766d98025d20b7d10528775b2c7fb59a1f7f684d5a01e4ba3aa41ae1838cfeacee7baf4eccec18769aa0ec204dcbf386f4
Static task: static1
Behavioral task: behavioral1
  Sample: Hendra Sagita CV.xlsx
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Hendra Sagita CV.xlsx
  Resource: win10v20201028
Malware Config
Extracted: remcos
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996
Targets
Target: Hendra Sagita CV.xlsx
Size: 1.6MB
MD5: d9a813eb9a8a68214f8be31ed477c759
SHA1: 38d011ee73abc7857d443b7afb9589c43441d60b
SHA256: a098f194fe69795901a85cf320aacb6effbb5dd2546e720e3d37fd9b6ebd1856
SHA512: 1205d50b745bc93e1c9cd6c78b1c2a766d98025d20b7d10528775b2c7fb59a1f7f684d5a01e4ba3aa41ae1838cfeacee7baf4eccec18769aa0ec204dcbf386f4
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext