General
-
Target
SecuriteInfo.com.Artemis326CF1417127.2024
-
Size
20KB
-
Sample
210122-wsvltb6vhx
-
MD5
326cf1417127868c96d367f522a0b260
-
SHA1
238b48e5544d5654fadfaa25a2a55b024452ad6b
-
SHA256
9d694e2995af1dbbf8f6dda2eb0cdcb80428269918a9d47b8833d98536194c41
-
SHA512
732a70a05db0e21cf95667624721a79cb648fc716a52210a803b7e8ecc23145b9a76b23041af67390def445512a4185d29ff0b0afb55da925fd1c2c913fd9a12
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Artemis326CF1417127.2024.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Artemis326CF1417127.2024.exe
Resource
win10v20201028
Malware Config
Extracted
remcos
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996
Targets
-
-
Target
SecuriteInfo.com.Artemis326CF1417127.2024
Score
10/10
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetThreadContext
-