General
Target: Payment Invoice PDF.exe
Size: 531KB
Sample: 210121-gl5nd9l2f2
MD5: d0cf67cc18970f999e6fb9fad2f96493
SHA1: d5adc1b8c78a138969f0bb7b50219ad9ad682e5c
SHA256: 8084639a37257615b09beac5c8f681aa2115ece62fcb003fc8ddadb0d833fdb7
SHA512: d4316989136e547180e6abd118d74e192ed16a1a314b6949e93e16b3a417c1329174646eca1673813d17ca68100da5c017f3905bc0af9f845f9b62abea54db92
Static task: static1
Behavioral task: behavioral1 (Sample: Payment Invoice PDF.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: Payment Invoice PDF.exe, Resource: win10v20201028)
Malware Config
Extracted: remcos
mikegrace2021.ddns.net:1999
Targets
Target: Payment Invoice PDF.exe
Size: 531KB
Score: 10/10
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetThreadContext