General
-
Target
Quotation Request.exe
-
Size
498KB
-
Sample
210118-v9qyv49d1n
-
MD5
e14fc3accfaa18fee9a5c60689768864
-
SHA1
f77f4c23d6987fc4a9edbf47eb4219d591f314c9
-
SHA256
321be1554d0c8aaf169078b16f29bac61f923485fcc124499a6886c4ecadb552
-
SHA512
b62ae51e70417deaba0f0b88acccff8f3168559a84585f7cd93d997e57364c39d25079a3f521ae9203a172682a94d095721b12d840d5428711bba15e175316c7
Static task
static1
Behavioral task
behavioral1
Sample
Quotation Request.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Quotation Request.exe
Resource
win10v20201028
Malware Config
Extracted
remcos
chhjvhvkjbhliiuyuj.duckdns.org:20909
Targets
Target
Quotation Request.exe
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-