General
Target: QOUTATION-PDF- SCAN COPY.com
Size: 1.5MB
Sample: 210118-fw329sar16
MD5: 9a9bbfd840fc81a65bbbd542c5b218c9
SHA1: 41a8ce06eff712b8aa1e6c9a86776b9fa1763950
SHA256: a29a5b9eafdb7e2dbec28f1cb59d5ffcec859333d8f1a4cc00a37c3eded32ae3
SHA512: 6f06eedda66f0e55b24f82d9c6bbabc08972c271749ceacd7826f5062034d135a4d0e89d65c1c693cd85947ac9763d1cac3521f75fc72c4abf38f733dfafa4e5
Static task: static1
Behavioral task: behavioral1
  Sample: QOUTATION-PDF- SCAN COPY.com.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: QOUTATION-PDF- SCAN COPY.com.exe
  Resource: win10v20201028
Malware Config
Extracted: remcos
  eileenwmsscm.duckdns.org:2558
Targets
Target: QOUTATION-PDF- SCAN COPY.com
Size: 1.5MB
Score: 10/10
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext