General
Target: Quotation.exe
Size: 1.5MB
Sample: 210118-2wcxspmtvj
MD5: 8ed2eb4f9aab811fef61c8cc1d61cf24
SHA1: d4e2452748d1efc5bb62ee873bbd0af96d5f5d13
SHA256: 133a9c9b926ecb6806cf9afa73409b01472e67d80a7908dbadbfe2cf7e24f7e5
SHA512: 7686e04c7a5c348e3eaa01f0a56e4062ff94b142164111857499682e50b7e05c2aa481a524099229e100e7c97a96ed58f45004a4c7f621287504640100f7ed52
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Quotation.exe
Resource: win10v20201028
Malware Config
Extracted
remcos
whatgodcannotdodoestnotexist.duckdns.org:2889
Targets
Target: Quotation.exe
Score: 10/10
Executes dropped EXE
Drops startup file
Adds Run key to start application
Suspicious use of SetThreadContext