General
Target: SecuriteInfo.com.BehavesLike.Win32.Generic.tz.13482
Size: 1.3MB
Sample: 210121-4shyqx5wss
MD5: e9b6740e41a0542f4ad328e00acd7afb
SHA1: 98b5cb95aa4cbb0c97a772a2d76592a7c3ffc87c
SHA256: aad93ff025a725de6d3746c2e98126105b7a7f126b7340c540e13fa861c9e268
SHA512: 51f60dd1907f6eddc5c29260b8c88714792a0083f09745479db4aed5deb188be1e07740fbe2bc467eef4174d06d6c5899f4499ae11f82699d011222a1f1209c1
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.BehavesLike.Win32.Generic.tz.13482.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.BehavesLike.Win32.Generic.tz.13482.exe
  Resource: win10v20201028
Malware Config
Extracted: remcos
  grtwyagvbxnzmklopmdhsyuwaszxbyhredsnmko.ydns.eu:2006
Targets
Target: SecuriteInfo.com.BehavesLike.Win32.Generic.tz.13482
Size: 1.3MB
MD5: e9b6740e41a0542f4ad328e00acd7afb
SHA1: 98b5cb95aa4cbb0c97a772a2d76592a7c3ffc87c
SHA256: aad93ff025a725de6d3746c2e98126105b7a7f126b7340c540e13fa861c9e268
SHA512: 51f60dd1907f6eddc5c29260b8c88714792a0083f09745479db4aed5deb188be1e07740fbe2bc467eef4174d06d6c5899f4499ae11f82699d011222a1f1209c1
Score: 10/10
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext