General
-
Target
DOCUMENTACION_PROCESO_DE_COBRO_FORMAL_INICIADO_POR_SALDOS_EN_MORA_IMPUESTOS_TERRITORIALESpdf.exe
-
Size
415KB
-
Sample
210426-wj1nx61p4n
-
MD5
9410edb3f57915bbc892e500d79b8a97
-
SHA1
038c25de7dcf774d06cfdfaf3ce12197e2c76e15
-
SHA256
c52300fe42f736d2a9f3dbdb038163b3f59a3433270d24d1644e75e312a14758
-
SHA512
daf9cbdc276c78534d420c76c7caa126cabf83d437425cccea2130f8e431b6a2339cfce03487b0512ac621850a829303f4732287e2faa361b9a278ed6f4a0d6f
Static task
static1
Behavioral task
behavioral1
Sample
DOCUMENTACION_PROCESO_DE_COBRO_FORMAL_INICIADO_POR_SALDOS_EN_MORA_IMPUESTOS_TERRITORIALESpdf.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
DOCUMENTACION_PROCESO_DE_COBRO_FORMAL_INICIADO_POR_SALDOS_EN_MORA_IMPUESTOS_TERRITORIALESpdf.exe
Resource
win10v20210408
Malware Config
Extracted
remcos
dominoduck2103.duckdns.org:9792
Targets
-
-
Target
DOCUMENTACION_PROCESO_DE_COBRO_FORMAL_INICIADO_POR_SALDOS_EN_MORA_IMPUESTOS_TERRITORIALESpdf.exe
-
Score
10/10
-
Modifies WinLogon for persistence
-
Suspicious use of SetThreadContext
-