General
Target: NEW PURCHASE ORDER LISTED ITEMS.exe
Size: 645KB
Sample: 210420-mwstyrsezj
MD5: 5e8ff1a9ec1192bae73ec97729e46d63
SHA1: 2efd06ad72483238327a9570043159d0ab9ece34
SHA256: 15acacbd5c928108c9db5e319f23e493f45c3a0c8e8b979f7e760675f916ae2b
SHA512: a083c78f12bb5d40c9141d12781d3bf013347d0345307df1d6533753b40dac5f26e8e75610bc5b84821525670af42cc4a2736ba868359548290985593453e146
Static task: static1
Behavioral task: behavioral1
Sample: NEW PURCHASE ORDER LISTED ITEMS.exe
Resource: win7v20210408
Malware Config
Extracted
remcos
79.134.225.49:1953
Targets
Target: NEW PURCHASE ORDER LISTED ITEMS.exe
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext