General
Target: Quotation.exe
Size: 301KB
Sample: 210118-b1ljkymt52
MD5: 86ee20d76d6fcd5411f6ac7f6087e636
SHA1: bdccba4e08fdcb0eb4881111087b04871ac9a017
SHA256: 605834c1fd1e1ad6e039fa17f7de298663ab902e84a70947a15ef18d088879e8
SHA512: 811795cd24c69795120dc26c4c876a51453eb11820f9482819a70698d6b14ddece068da18bad307e28975273d20d9a680b31df07c04362e8d33d7de733b26516
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Quotation.exe
Resource: win10v20201028
Malware Config
Extracted
remcos
whatgodcannotdodoestnotexist.duckdns.org:2889
Targets
Target: Quotation.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext