General
-
Target
Shipping Document PL& BL 0980 ,pdf.exe
-
Size
800KB
-
Sample
210119-a47a1dd6ee
-
MD5
7bbfadf6d555db358cab481b6e73d985
-
SHA1
8aad19b730b71b346af632fe78021ec76e3d849f
-
SHA256
c6cd969f7c4fb071f64c31cdf57dfe1a4015cd78f49fa880cd7144c0eaed3df4
-
SHA512
504d6d350dc40f1ec94d8a005fa226bfa992906fc07dc3bb0d5bfb25bf8c30271de4b78eb59e763fcbdb17be6e89b4901607e812d16c9ce64c6783371bcb42ad
Static task
static1
Behavioral task
behavioral1
Sample
Shipping Document PL& BL 0980 ,pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Shipping Document PL& BL 0980 ,pdf.exe
Resource
win10v20201028
Malware Config
Extracted
remcos
favour2021.ddns.net:1990
Targets
-
-
Target
Shipping Document PL& BL 0980 ,pdf.exe
-
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-