General
Target: 93d5a6c80343c85fb4aedd5b1de38613.exe
Size: 128KB
Sample: 210420-wsczln5kfa
MD5: 93d5a6c80343c85fb4aedd5b1de38613
SHA1: 12e13aba5ea9dc2d86030befeac7c124dc17a6eb
SHA256: 9626b19106a81d22416acbbe7ea291de316ca3a8f359beb9fe09850649fd5292
SHA512: 6d30c5c43db627499332d43c1bb0f176be5a26679554229ec493c44342e77093a03e6b5f5576df28cb17d2b6392b3e979d5551393519c187620c9e8856c68e52
Static task: static1
Behavioral task: behavioral1
Sample: 93d5a6c80343c85fb4aedd5b1de38613.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 93d5a6c80343c85fb4aedd5b1de38613.exe
Resource: win10v20210410
Malware Config
Extracted
remcos
sandshoe.myfirewall.org:2415
Targets
Target: 93d5a6c80343c85fb4aedd5b1de38613.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext