General
Target: ORDER #7507,pdf.exe
Size: 1.5MB
Sample: 210120-bm47pf3s1n
MD5: e5a7617cbb86629d7a1e3eb7d69fea95
SHA1: 527438c49f88d639e29e434cabc8a22a9b511cda
SHA256: e5e175d048cc13ee35ae2c222be3eafe67d39be6422ca696ff40c91533d6c3b0
SHA512: 996e7d32689f18503bcd033ddb753aa8dc5853f1cd9e5cf3c7f73990a814dbbcb9be1f67e6835e34a710d34eddb6da0bfb1942f0bd6fcffb47041b497cc2f095
Static task: static1
Behavioral task: behavioral1
Sample: ORDER #7507,pdf.exe
Resource: win7v20201028
Malware Config
Extracted
remcos
movement2020.ddns.net:6735
Targets
Target: ORDER #7507,pdf.exe
Drops startup file
Suspicious use of SetThreadContext