General
Target: Qotation.exe
Size: 330KB
Sample: 210119-gv8h854j2e
MD5: 28b8acaf74bd16212a1d2fb732e88c6d
SHA1: 993b52b65b755aa59f4d1f4390e3e0cd6c2ffacf
SHA256: b72df5535e69fb7ea6dd6638059825c267e176baa3213a2f513d76d2455f1776
SHA512: 0da3543e18958730fe92ebc318fdcc7f8744a37bbadaea096f3a327b4207efc8a5b67819284aa7bb9fd293122c4daed5acbcb27842a45cfab6b10dfc4a88ed59
Static task: static1
Behavioral task: behavioral1
Sample: Qotation.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Qotation.exe
Resource: win10v20201028
Malware Config
Extracted
remcos
whatgodcannotdodoestnotexist.duckdns.org:2889
Targets
Target: Qotation.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext