General

Target: richiealvin.exe
Size: 791KB
Sample: 210120-5848x79n1x
MD5: 57cbb0c81ccbd1c74fa39bd6d1d32884
SHA1: bbb48a60aa774829cd22d86dfe0530fb79b35b83
SHA256: 46336468a43514fedfce240a5a3ca440c938d465c59fba6ce8d3b9383c5521cd
SHA512: aef00ecb214cde6efd34664494421c9724b7c8d77a55a33f0a043245cefa3c290d032a930f9e175d2d3d47f9dd5a3665002cd208f6474c63c938551351ada1ff
Static task: static1

Behavioral task: behavioral1
  Sample: richiealvin.exe
  Resource: win7v20201028

Behavioral task: behavioral2
  Sample: richiealvin.exe
  Resource: win10v20201028
Malware Config (extracted)

Family: remcos
Address: 91.193.75.185:1989
Targets

Target: richiealvin.exe
Size: 791KB
MD5: 57cbb0c81ccbd1c74fa39bd6d1d32884
SHA1: bbb48a60aa774829cd22d86dfe0530fb79b35b83
SHA256: 46336468a43514fedfce240a5a3ca440c938d465c59fba6ce8d3b9383c5521cd
SHA512: aef00ecb214cde6efd34664494421c9724b7c8d77a55a33f0a043245cefa3c290d032a930f9e175d2d3d47f9dd5a3665002cd208f6474c63c938551351ada1ff
Score: 10/10

Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Enumerates physical storage devices: attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetThreadContext