General
Target: ÖİŞSHvTA-VESTEL-20210420-54 .doc
Size: 571KB
Sample: 210420-p6eah2smb2
MD5: 0745dc458a74f72ad039fa42490f707a
SHA1: df2106969f24177a5eab2395133e7e55f6b54694
SHA256: a9774fd16be147772d323568f1db15cfbb8275e4462d9356c0509c33d816e8fa
SHA512: 866ba0506b2c79878c32b88f1381e1183abd9fe43577acbd59aef3bd1be947d6b9d6495da3de4d66752417b86128c17ce616980db16dd7e4c263832f841d2146
Static task: static1
Behavioral task: behavioral1
Sample: ÖİŞSHvTA-VESTEL-20210420-54 .doc
Resource: win7v20210410
Behavioral task: behavioral2
Sample: ÖİŞSHvTA-VESTEL-20210420-54 .doc
Resource: win10v20210408
Malware Config
Extracted
remcos
arttronova124.duckdns.org:3030
Targets
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext