General
-
Target
QUOTATION.exe
-
Size
1.1MB
-
Sample
210118-ab8bpwnwb6
-
MD5
848bfb3ad0bfdf896826370e1e567fcc
-
SHA1
54226c763412ca16832d5e11e1d9165c1df13534
-
SHA256
5e31a4916e479c18347d59e0a98dc12738efb5acbad3ba3e677fb24fd87e7adc
-
SHA512
d3c77db32580cb9c27c6307bd6c4cb568a73dfb7ace91d6d3eec2acfa0ff4fcecc79f6c91e234badf59f15076e692189a5b77ddabbad0105d690a37a491ce85a
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATION.exe
Resource
win7v20201028
Malware Config
Extracted
remcos
79.134.225.100:1011
Targets
-
-
Target
QUOTATION.exe
-
Size
1.1MB
-
MD5
848bfb3ad0bfdf896826370e1e567fcc
-
SHA1
54226c763412ca16832d5e11e1d9165c1df13534
-
SHA256
5e31a4916e479c18347d59e0a98dc12738efb5acbad3ba3e677fb24fd87e7adc
-
SHA512
d3c77db32580cb9c27c6307bd6c4cb568a73dfb7ace91d6d3eec2acfa0ff4fcecc79f6c91e234badf59f15076e692189a5b77ddabbad0105d690a37a491ce85a
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-