General
Target: CV Muhammad Arman Badar.xlsx
Size: 2.1MB
Sample: 210120-ppbvajvv16
MD5: 99ad00bbe8928d094546b5b402aadaba
SHA1: bcd91ef8ae9fbf2a2a4118d4505caf6afdf9915c
SHA256: 48a52a8f34c3943f3699e852ac10b96cdd92311be6980a7d86b9654cae8eca84
SHA512: 2d14ac42718b7a3ae73c3645d0eded2681129cba40ed2ed728781414936e851a61df0d85bd20efd74dac80d248d4971f3591eb0ac644461b84d23aa39f18be17
Static task: static1
Behavioral task: behavioral1
Sample: CV Muhammad Arman Badar.xlsx
Resource: win7v20201028
Behavioral task: behavioral2
Sample: CV Muhammad Arman Badar.xlsx
Resource: win10v20201028
Malware Config
Extracted: remcos
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996
Targets
Target: CV Muhammad Arman Badar.xlsx
Size: 2.1MB
MD5: 99ad00bbe8928d094546b5b402aadaba
SHA1: bcd91ef8ae9fbf2a2a4118d4505caf6afdf9915c
SHA256: 48a52a8f34c3943f3699e852ac10b96cdd92311be6980a7d86b9654cae8eca84
SHA512: 2d14ac42718b7a3ae73c3645d0eded2681129cba40ed2ed728781414936e851a61df0d85bd20efd74dac80d248d4971f3591eb0ac644461b84d23aa39f18be17
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext