General
Target: Quotation Request-PDF_PDF.exe
Size: 1.6MB
Sample: 210118-wvgtpk7r3s
MD5: 25a3b2a25320e45a9a58eb84789719ee
SHA1: 7b1ffe6a3be0d676b89f2986ca1ae6fee11fe271
SHA256: 858819973735c0c8715675602e067da2f7ef3ac0fa34bc2c96c39831addb8992
SHA512: e526426fdee134ebffd28a9c9625fc0907b1fcdc6d6047df54d353b0841464dbe09db87b1e44ac2f549b926032e5e3780a1469a4aa9fa2c69b556dd3efcfdb43
Static task: static1
Behavioral task: behavioral1
Sample: Quotation Request-PDF_PDF.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Quotation Request-PDF_PDF.exe
Resource: win10v20201028
Malware Config
Extracted
remcos
nkosarevaocs.duckdns.org:7266
Targets
Target: Quotation Request-PDF_PDF.exe
Score: 10/10
Executes dropped EXE
Drops startup file
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext