General
Target: Atikmdag Patcher 1.4.8.zip
Size: 2.1MB
Sample: 210123-rj2ssxqq7n
MD5: 2f3daadd74f89ab5d113806d85f966de
SHA1: e83d56392bf94a100700766e6d45512d7a2a487e
SHA256: 03c3c444a6f345e6f24d66a9e61c13ebab340d71a06a8736e1b452927a2b7da8
SHA512: 220fe47221538b917345f676d2bda6f8f24de65a0e35b616f7f5c85db4952d01966b9aec30eb47afbaf61ac0dda4657ad7a56dd5c759b7ab5b4f26cff57cf17c
Static task: static1
Behavioral task: behavioral1
Sample: Atikmdag Patcher 1.4.8/Atikmdag-Patcher-1.4.8.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Atikmdag Patcher 1.4.8/Atikmdag-Patcher-1.4.8.exe
Resource: win10v20201028
Malware Config
Extracted
remcos
37.252.11.23:5858
Targets
Target: Atikmdag Patcher 1.4.8/Atikmdag-Patcher-1.4.8.exe
Size: 2.5MB
MD5: 7173128b01b36c0911e88fb6cc1c967b
SHA1: db1d76ecf46d95275fa7b0ff7109dd4e6f7dd775
SHA256: e86eb444fe0b44567389ad48953969a60c5bfccadfa1c0e2ec22ada7ad7bd01a
SHA512: b89934ca1ba5ec69149d4267501837079cddc28569f60b84b225f6ea6acea8c1b55af163b05305e147b4dcb5f182f7cac2e127e6ec4acdde6c02a487887968b6
Score: 10/10
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.