General
Target: fhp2piUs5eKb4j2.exe
Size: 1.3MB
Sample: 210421-fkwxwv5k72
MD5: b934c95a53feaa1acd4ab5ca1bb04a2c
SHA1: 9adccdb7dbc4f5ad466855da3678df8a967afadc
SHA256: 27a607812f2e113484b27f50f1337cad704713a356fb24a74103d8ef027da16d
SHA512: c29c14295f84a207fb3b80e75eb7fe7702f2f29b65e8406fe898907770f57f631db03c83b85d7a1e3fa88605a85d1f5231a4f17831ad9d98ba4e3d80b2ae97eb
Static task: static1
Behavioral task: behavioral1
Sample: fhp2piUs5eKb4j2.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: fhp2piUs5eKb4j2.exe
Resource: win10v20210410
Malware Config
Extracted
remcos
217.138.212.58:52667
Targets
Target: fhp2piUs5eKb4j2.exe
Score: 10/10
Executes dropped EXE
Deletes itself
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext