General
Target: EXTRACTO_SERFINANZA_475481343360613456378_796289261659419553089_063500257046876715902044919_21933789983685164831902122_p
Size: 186KB
Sample: 210426-dxf8skf67n
MD5: 57b6e8cbb49f9e7cfed5bb1e5d2c78d7
SHA1: b0f907aa92d5b35b5b5fcad992f504525d04a87f
SHA256: 5599b3c6b633d903c29de06459acba19fc1cf0615038c01771b0b5f1c4e5cb8b
SHA512: 1762d9f5f83692c87c4489899b2e6c5140ba16ca9444041a01381982f70697ea720342cc605a106e30f386edc884223e4a8ba353aeb7d8a6c4f3b2d29b065305
Static task: static1
Behavioral task: behavioral1
Sample: EXTRACTO_SERFINANZA_475481343360613456378_796289261659419553089_063500257046876715902044919_21933789983685164831902122_p.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: EXTRACTO_SERFINANZA_475481343360613456378_796289261659419553089_063500257046876715902044919_21933789983685164831902122_p.exe
Resource: win10v20210410
Malware Config
Extracted
remcos
databasepropersonombrecomercialideasearchwords.services:3521
Targets
Target: EXTRACTO_SERFINANZA_475481343360613456378_796289261659419553089_063500257046876715902044919_21933789983685164831902122_p
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext