General
Target: EXTRACTOSERFINANZA894978636268808051252452885.exe
Size: 179KB
Sample: 210426-g1ed3d3hsj
MD5: be5fb23d73970ef4c664059d1584b709
SHA1: 2c76f4e442221e65c37cf569da508544d0b99602
SHA256: d4752bb762255005415e0dfd254fc06a6d5c432775f35c73e18b2e5c7ecd3b06
SHA512: ca27abdeca077b63ea61419d69027acd83d79bfc1676a0932ae530125a08cc98478e4940bb4b6f59308efa5054c6f30d2a31010af503ceb70ceba88133dadb1e
Static task: static1
Behavioral task: behavioral1
Sample: EXTRACTOSERFINANZA894978636268808051252452885.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: EXTRACTOSERFINANZA894978636268808051252452885.exe
Resource: win10v20210410
Malware Config
Extracted
remcos
databasepropersonombrecomercialideasearchwords.services:3521
Targets
Target: EXTRACTOSERFINANZA894978636268808051252452885.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext