Extracted

• • Target

    first3.exe

  • Size

    97KB

  • MD5

    60763685da4acaa59a9803fe45aab4ac

  • SHA1

    53ff1579dcc4bf9ace3a68b3f93cdf962e5e12ee

  • SHA256

    2cb8c87ed1ad2b46a43e22ac43dd47f0dddc8d4046c281f2e996bb991bd8b470

  • SHA512

    f4f54bfa82e6b18dd71ad75fa8bf50c50d4237fa28ba6ba357503ff0b6d5d7d04d037569e385c7464d1fb21e1b5edc9dc8c7403a48420a83963b489e8a272835

  Score

  10^/10

  remcosevasionpersistencerattrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos

  • Turns off Windows Defender SpyNet reporting

    evasion

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Nirsoft

  • Executes dropped EXE

  • Drops startup file

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2