Extracted

• • Target

    CONFIRM ORDER_O452-11189H6U77,pdf.exe

  • Size

    743KB

  • MD5

    a10b06acd92325678e2b960544c9257f

  • SHA1

    754dfa9962325d7ad6676779bafcd8b5e18d6978

  • SHA256

    6ce1eb96c697ce276022f1a14fe7da73f910487fcfb384d676b28aa55f0c05ca

  • SHA512

    8fef2e063e121fdf49f2d1fedb35aa6bd17fcf15e775f2460d473f13783e9e9f256765c3da6b7aa8334dd096d69c6b5774ba1ee7f703f6e07a4acaabdcc0a249

  Score

  10^/10

  remcosevasionrat

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Uses the VBS compiler for execution

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2