General
Target: FV027000130023; ASORIOFRIO SAS; FACTURACION ELECTRONICApdf.exe
Size: 1.3MB
Sample: 210120-1rrvjxedhj
MD5: a19f05f20d0763c0d7794ff03d8db8d4
SHA1: 78f4586c4e318ff44d4886ac5665cdebe9f0196e
SHA256: db1c03a38ddda7f85b4d812e7aa84f11464b02719cb621d21289464fd7e14fa0
SHA512: ffda1d8f6544bd3d048585f8129166880bb08a90983f99c10c22103ff14c07de12da6259ed4d9f0e494a514e3b53cbcff2f4ff242e92af5ea5cf25bcf1e7895e
Static task: static1
Behavioral task: behavioral1
  Sample: FV027000130023; ASORIOFRIO SAS; FACTURACION ELECTRONICApdf.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: FV027000130023; ASORIOFRIO SAS; FACTURACION ELECTRONICApdf.exe
  Resource: win10v20201028
Malware Config
Extracted: remcos
starkduck0001.duckdns.org:9403
Targets
Target: FV027000130023; ASORIOFRIO SAS; FACTURACION ELECTRONICApdf.exe
Size: 1.3MB
MD5: a19f05f20d0763c0d7794ff03d8db8d4
SHA1: 78f4586c4e318ff44d4886ac5665cdebe9f0196e
SHA256: db1c03a38ddda7f85b4d812e7aa84f11464b02719cb621d21289464fd7e14fa0
SHA512: ffda1d8f6544bd3d048585f8129166880bb08a90983f99c10c22103ff14c07de12da6259ed4d9f0e494a514e3b53cbcff2f4ff242e92af5ea5cf25bcf1e7895e
Score: 10/10
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetThreadContext