General
-
Target
Factura Serfinanza075728689544681589138450755.exe
-
Size
178KB
-
Sample
210423-zccw2nkhlj
-
MD5
c18be2c2ed330866ac36fa08363cf58b
-
SHA1
625c4a4390f3ec92e44f343d86110e71d71b3d5f
-
SHA256
584edf26fed1b12e7abb512248a729e7aa7cb8c7fe19c3770cf3f763adaf730e
-
SHA512
9d50f47276fde6617ff668796c7fd62fdba06983a6106761cef46dc395ab0c8f86c065ca3be3f8231ea2a2626e929c8d3b0b2711f31389f607d97bfb919bbe2e
Malware Config
Extracted
remcos
databasepropersonombrecomercialideasearchwords.services:3521
Targets
-
-
Target
Factura Serfinanza075728689544681589138450755.exe
-
Size
178KB
-
MD5
c18be2c2ed330866ac36fa08363cf58b
-
SHA1
625c4a4390f3ec92e44f343d86110e71d71b3d5f
-
SHA256
584edf26fed1b12e7abb512248a729e7aa7cb8c7fe19c3770cf3f763adaf730e
-
SHA512
9d50f47276fde6617ff668796c7fd62fdba06983a6106761cef46dc395ab0c8f86c065ca3be3f8231ea2a2626e929c8d3b0b2711f31389f607d97bfb919bbe2e
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Turns off Windows Defender SpyNet reporting
-
Windows security bypass
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-