General
Target: f0a5fd395db2cf8671283b2dc43f6843.exe
Size: 33KB
Sample: 210420-7pvb69nzve
MD5: f0a5fd395db2cf8671283b2dc43f6843
SHA1: 1e611428e4a06772e761419ddd2f1000130a97cb
SHA256: 8a9a6384ca9858fd73b17063871825e60a989f230bf46bbe478c723e13f7cfad
SHA512: 06fc9b93aa91611b211c5c003ec098fb8e6014ced008cf636d3d73dff4c7445b23de9043d256c5910bf3a47ca727ab5489eceaa9d19c67317ceeb8e2ca2627ac
Static task: static1
Behavioral task: behavioral1
  Sample: f0a5fd395db2cf8671283b2dc43f6843.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: f0a5fd395db2cf8671283b2dc43f6843.exe
  Resource: win10v20210410
Malware Config
Extracted: remcos
C2: sandshoe.myfirewall.org:2415
Targets
Target: f0a5fd395db2cf8671283b2dc43f6843.exe
Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext