General

Target: SecuriteInfo.com.Generic.mg.80f76c27257e6f3e.8558
Size: 1.3MB
Sample: 210121-9bl3464hla
MD5: 80f76c27257e6f3e7566b9ef3ea79503
SHA1: 17fd209d1ab414da48dae8f2a5b83a435d2ecb21
SHA256: 69dcf72c5f8c1751c5b144899cd43d26c7a639748d4b9a6de53bd4e3a492da3b
SHA512: 801a4fc0c77a8efe7ca72eadd49ba8a449f8ff3112b114eba282f26bab55990d54bcf0ade39d195d60def9d791b16b2c90e6d9c4c56ba994a0f0d77abb718f4b

Static task

- static1

Behavioral tasks

- behavioral1
  Sample: SecuriteInfo.com.Generic.mg.80f76c27257e6f3e.8558.exe
  Resource: win7v20201028
- behavioral2
  Sample: SecuriteInfo.com.Generic.mg.80f76c27257e6f3e.8558.exe
  Resource: win10v20201028

Malware Config

Extracted family: remcos
C2: hjduiebcvzcalpmjdbcnwqadhsiybcnzxswedgap.ydns.eu:2024

Targets

Target: SecuriteInfo.com.Generic.mg.80f76c27257e6f3e.8558
Size: 1.3MB
Hashes: as listed under General
Score: 10/10

Signatures

- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext