General
Target: IMG-20210406-WA0004-55YH701.rar
Size: 296KB
Sample: 210413-te4pcrw65e
MD5: 18f94106296f1ef173a670b2c833ec3c
SHA1: d8f16cc20f6ccdee49271ac1640de89d0e795843
SHA256: 13d2043597d9277e97a4996c4f04266e462b4332a0df325417bf7ac578376c7c
SHA512: c8da099e6595c09c403cc8e6e35793c432569af216a94b8de8d4e8334eb2a2d3a52d1bff91cda035c0489c5c8784894fa164cb8218d78c9daf4c4a71d2a7e196
Static task: static1
Behavioral task: behavioral1
Sample: IMG-20210406-WA0004-55YH701.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: IMG-20210406-WA0004-55YH701.exe
Resource: win10v20210410
Malware Config
Extracted
remcos
www.swqrn.com:16108
Targets
Target: IMG-20210406-WA0004-55YH701.exe
Size: 761KB
MD5: d7de799d728a8effd9e4ef0f6a776e88
SHA1: 4b4a18a2c6d6e0b9ea6cfd6175b064f1622f4620
SHA256: 770239e721583e7852323517a01a9bc5ec4922e612104b48ae79ae442c0c697f
SHA512: 77b29325453c72bd997b199fa728e5d8572f274a856ed2a0989a46c34f3bc101b12cf27d9c9f67b5dd3704e2a74151e4f657bb4b1f33439bc92d853d389f1b4f
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext