General
-
Target
atikmdag-patcher 1.4.7.zip
-
Size
5.6MB
-
Sample
210120-9qlz1cvkcx
-
MD5
71b165a31b508643c762c0091c990f6c
-
SHA1
204994ed47b491def4d325fa0fd40ff3c4f17cb9
-
SHA256
6059f140c9fada4970a52c064b1314a3c81fbdb73dc35a58a2af8f4945f9c748
-
SHA512
43c0ac900dc4ac9dc77eb8908f773714dc80ffb889b625af0869ab1226e8521f96cf3682629776a5e7be0a3a46d9832805ad2684b9338d1921a4af31c01edf89
Static task
static1
Behavioral task
behavioral1
Sample
atikmdag-patcher 1.4.7/atikmdag-patcher.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
atikmdag-patcher 1.4.7/atikmdag-patcher.exe
Resource
win10v20201028
Malware Config
Extracted
remcos
5.61.53.13:8000
Targets
-
Target
atikmdag-patcher 1.4.7/atikmdag-patcher.exe
-
Size
2.9MB
-
MD5
c3913cc50ad4f1fb71ff6f47421508fe
-
SHA1
e4d6183d5605315f4689e24125400f2d9601109b
-
SHA256
83dbf6453c82e3deec82ef5a21a6ff548854f3297f4d6e5a41e1946fba5cad0d
-
SHA512
9ab38166baa24503f388508ea8ad96c72323a4051c9c685a28f9a84438a3db0698554b6e2467dacf18715fb551afae37431e95a19bbdfd34309aa00af85bf7ea
Score
10/10
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-