General
Target: 2db81d3e2b2588c5155ebf3be7662471.exe
Size: 1.1MB
Sample: 210420-ctk1nj7ld2
MD5: 2db81d3e2b2588c5155ebf3be7662471
SHA1: 2d3dd98badce3abbeada81537c708e38ac1fcbd4
SHA256: 9190802aebd14316ced550d2102f2650a2b4e3d08ec32e4c95ab722db7206e1f
SHA512: 61500e784d9f26b2f1f56158eab5f125597e13f43c9c07a9b8ff4924e9b05bc4245c597efb1fbf1e9b9050db63130a90aaaac9e12118586ffee9ee85c2a0a8f2
Static task
static1
Behavioral task
behavioral1
Sample
2db81d3e2b2588c5155ebf3be7662471.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
2db81d3e2b2588c5155ebf3be7662471.exe
Resource
win10v20210410
Malware Config
Extracted
remcos
fieldsdegreenf.duckdns.org:6553
aaeeerbbbeee.duckdns.org:6553
Targets
Score 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext