Extracted

• • Target

    Factura Serfinanza095207277561125631669632022.exe

  • Size

    179KB

  • MD5

    289184d1dd4eea5bcac7d4d2a6441ea7

  • SHA1

    8714529d874e8928fdcc10c968587c9755a60e12

  • SHA256

    d5da11c22f87af583d01eb5f0f1afb6c7e471659b9736a4c80745a082f2ffe37

  • SHA512

    9c2d1e9b80925b9e91b5361cf305828a117d652eebe1c122434b1e0c831f382a262cd8449acc66f40efe51ed5b6d44bd3d63f6b709b8666161e040ba45745670

  Score

  10^/10

  remcosevasionpersistencerattrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos

  • Turns off Windows Defender SpyNet reporting

    evasion

  • Windows security bypass

    evasiontrojan

  • Nirsoft

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2