General
-
Target
Query_Ref_5787533_pdf.exe
-
Size
957KB
-
Sample
210421-gp7ccngkye
-
MD5
0b7883cd326d76228c722b69541cb9a3
-
SHA1
bf513758205dda0b62084d9b9718042aad5c836c
-
SHA256
741ffe5460a43194d3a8cf76729abd8f6a5fb7d991e219037215920195a38c5e
-
SHA512
2bc401cc1ce71ee9f783a67433be84dfa14d2b52715586a2a318cad51db15d3de09370a4ff580efa05935c91e5f7658794467166c5af38f65b8027d310a7b612
Static task
static1
Behavioral task
behavioral1
Sample
Query_Ref_5787533_pdf.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Query_Ref_5787533_pdf.exe
Resource
win10v20210410
Malware Config
Extracted
remcos
kjdes.ddns.net:6062
Targets
-
-
Target
Query_Ref_5787533_pdf.exe
-
Size
957KB
-
MD5
0b7883cd326d76228c722b69541cb9a3
-
SHA1
bf513758205dda0b62084d9b9718042aad5c836c
-
SHA256
741ffe5460a43194d3a8cf76729abd8f6a5fb7d991e219037215920195a38c5e
-
SHA512
2bc401cc1ce71ee9f783a67433be84dfa14d2b52715586a2a318cad51db15d3de09370a4ff580efa05935c91e5f7658794467166c5af38f65b8027d310a7b612
Score10/10-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-