General
-
Target
H-ÖİŞSHvTA-20210420-54.doc
-
Size
570KB
-
Sample
210420-vl8fmdhjte
-
MD5
51e5e69a3706f5b25965e8b9be30f57b
-
SHA1
3529b4ac6af4fef13747ab0e07f17640d0278754
-
SHA256
fcb7b776870f80ea86ed26f7b561dff7a12d9eb98e61eee83033d1bcaa801400
-
SHA512
9df8a95756e505eff3199b9d8cc05bede02f40255d29f83b4e1de7f91aabde9b08b180a02895f51c1f2df73c1c0ebe54606fc94e848a383765f42df4ba1aff6c
Static task
static1
Behavioral task
behavioral1
Sample
H-ÖİŞSHvTA-20210420-54.doc
Resource
win7v20210410
Behavioral task
behavioral2
Sample
H-ÖİŞSHvTA-20210420-54.doc
Resource
win10v20210408
Malware Config
Extracted
remcos
arttronova124.duckdns.org:3030
Targets
-
-
Target
H-ÖİŞSHvTA-20210420-54.doc
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-