General
Target: EXTRACTOSERFINANZA596054271198721911813685868.exe
Size: 132KB
Sample: 210418-t3b9mgsrzx
MD5: 01d7130213e93b5f7dc328439f3f426f
SHA1: 0c613f6efb7a45637545e946dae905751361821b
SHA256: 532156143b3090b5036a00550bcd98e05d7805ccbbeb2170ae26888d626a64ac
SHA512: ac113aef20e05572d549f7271cdf73808699fe1395741c4ba220c986def3d4534473a84e2b4eed341f3aad2029e6e48e05a9d3e3caf06363edbf784ce2aade02
Static task: static1
Behavioral task: behavioral1
Sample: EXTRACTOSERFINANZA596054271198721911813685868.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: EXTRACTOSERFINANZA596054271198721911813685868.exe
Resource: win10v20210410
Malware Config
Extracted
remcos
databasepropersonombrecomercialideasearchwords.services:3521
Targets
Target: EXTRACTOSERFINANZA596054271198721911813685868.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext