General
Target: unpaid.exe
Size: 289KB
Sample: 210118-tfv7wqw7we
MD5: 23195e221bd52fc2ff7bcecef0c6e9af
SHA1: efffd2231109a8103f1b85da879ee2cfd9e59ba8
SHA256: 07cb866df6df9ad51ce01426b0a0466834619e72c2653ff7c25320cc3c0a3f9a
SHA512: 8cbb1a709e198e7c905b81554000d83f88e2429c821d5990d45c8f182442e2409828de014750aa2ef23c97f033b0f098bdf281cc8bc7b5c1e7ff53ca7d2dd3c8
Static task: static1
Behavioral task: behavioral1
Sample: unpaid.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: unpaid.exe
Resource: win10v20201028
Malware Config
Extracted
remcos
nkosarevaocs.duckdns.org:7266
Targets
Target: unpaid.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext