General
Target: Product List 01.xlsx
Size: 2.4MB
Sample: 210119-8gbqfev66x
MD5: 44015f105e6b64a770d80ab510b4f7a9
SHA1: eee4ed694385ccc3fe9896ceb2fb5c118c260a58
SHA256: e2569ec36e92c20060f47e60994da1ec8fbe203a2a5dfd60a3624d7eae7355b6
SHA512: f01e9865ee81a8b1978990f64a45201074aee682e7ef77c846276a9d79f57348f3575ea450b1a0dbd4c9b5aa8bab91428d894e6e4fa3ec7ff780dd80487eba95
Static task: static1
Behavioral task: behavioral1
Sample: Product List 01.xlsx
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Product List 01.xlsx
Resource: win10v20201028
Malware Config
Extracted
remcos
grtwyagvbxnzmklopmdhsyuwaszxbyhredsnmko.ydns.eu:2006
Targets
Target: Product List 01.xlsx
Score: 10/10
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext