General
Target
69aa57441342e6a7ff6b5b7cbf8cff3a.exe
Size
1.3MB
Sample
210119-d8c5m2dzpa
MD5
69aa57441342e6a7ff6b5b7cbf8cff3a
SHA1
be4c2676803beabbf4524a5eac674dbfa3cce0db
SHA256
62af113dfd78cac402e87e1f70d7b3718258727b84ed947111269c1f874585da
SHA512
1abf5eaf2b8078bce3da26dacdf132160e02692de15cf1801187ded19a4078aa23d0001432acb1d6c469c4582b48a48a92597ff76e456542b92ee7e410c3ab8c
Static task
static1
Behavioral task
behavioral1
Sample
69aa57441342e6a7ff6b5b7cbf8cff3a.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
69aa57441342e6a7ff6b5b7cbf8cff3a.exe
Resource
win10v20201028
Malware Config
Extracted
remcos
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996
Targets
Target
69aa57441342e6a7ff6b5b7cbf8cff3a.exe
Score
10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext