General
- Target: EXTRACTO_SERFINANZA_763491694580295682345_2506299590056647_254934221025470843464344641438_1557713157182575338992538102_p
- Size: 172KB
- Sample: 210426-fajmn3fq96
- MD5: 1984154af6e8dc43909b7a3880212d6c
- SHA1: 0e1bdb2215010ecd58fb847a06c780e1b67f3cf6
- SHA256: 92aaa412fd4384f56646d3b70ae7e8f4e26e436501ac61b9dd29652162a2997c
- SHA512: 6ddc29c7f542bd4cf140b96edc2fe67be4e3b590c17e81a6638d3f6afc824c572bf01b50cd54877f62ff36a0d3ddac0f5b793f5fc1743365e4b552d69f4f37b7
Static task: static1

Behavioral task: behavioral1
- Sample: EXTRACTO_SERFINANZA_763491694580295682345_2506299590056647_254934221025470843464344641438_1557713157182575338992538102_p.exe
- Resource: win7v20210408

Behavioral task: behavioral2
- Sample: EXTRACTO_SERFINANZA_763491694580295682345_2506299590056647_254934221025470843464344641438_1557713157182575338992538102_p.exe
- Resource: win10v20210408
Malware Config
- Extracted: remcos
- databasepropersonombrecomercialideasearchwords.services:3521
Targets
- Score: 10/10
- Turns off Windows Defender SpyNet reporting
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext