General
Target: SecuriteInfo.com.Generic.mg.3d63c204511f1851.31197
Size: 1.3MB
Sample: 210121-rqsl1x8lfj
MD5: 3d63c204511f18510049d2fba3047d8d
SHA1: 64aac8da141a21ddb1a66616764f9e15eb6d565f
SHA256: 33cca7e1dc5f3871bdbaa2bd663671a8add0f46a6c56f5ff0b039e3cc0f41af5
SHA512: 67209b1dbd84ead09ed19003dcb1d6be0665214c23eda836d3607a520b2f1b9efbaeb79bb7ad4ef5c34efeef23fedde670bf51ff4552ef077e20257d28145eaa
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Generic.mg.3d63c204511f1851.31197.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Generic.mg.3d63c204511f1851.31197.exe
  Resource: win10v20201028
Malware Config
Extracted: remcos
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996
Targets
Target: SecuriteInfo.com.Generic.mg.3d63c204511f1851.31197
Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates physical storage devices: attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext