General
Target: AKBANK E-DEKONT.exe
Size: 530KB
Sample: 210120-af33ft8ckx
MD5: 860767d5cca20c73f2824af9dd531c2c
SHA1: 4c2e344e91d2fb6a3cb192c751c2f73961408c29
SHA256: 38ae495598f7ea60de08fbdef9f15051a7be606ce0c532766cddb4d13de6b8e3
SHA512: 8996f266d8755a6106816a06d25ded34596e62fc71d7d65af7cd10b8b3d7e4c0e2eb2f7bb46d256fa57023d7fed6ae81f5c2c0bab011c83fddcffe50ae16cc50
Static task: static1
Behavioral task: behavioral1
Sample: AKBANK E-DEKONT.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: AKBANK E-DEKONT.exe
Resource: win10v20201028
Malware Config
Extracted
remcos
45.137.22.52:8780
Targets
Target: AKBANK E-DEKONT.exe
Score: 10/10
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetThreadContext