General
Target: ADJUNTO_EXTRACTO_256728330978625955057149_1059671258198438428245220_479639936823168180923985_7125545135786632657046_pdf.
Size: 133KB
Sample: 210427-qzvrvrgpzj
MD5: 8206b546d135a6cd1c6c4515accc4219
SHA1: 9ff276fb9754f876cbbce3ca4f69b40c368e86e3
SHA256: 3781825b53e1bcc9ba8bd6790b399bda60bfc588e980670c54b98b852d639d94
SHA512: 6869b2bf89fa36943c44395ca8f133773be55cacc3b84e5d1ba311f7f385093235e95c1ce6cc6ca09bbb5c569d4dcf7bd973fc946464b03a8c034fdd8f7f0aa3
Static task: static1
Behavioral task: behavioral1
Sample: ADJUNTO_EXTRACTO_256728330978625955057149_1059671258198438428245220_479639936823168180923985_7125545135786632657046_pdf..exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: ADJUNTO_EXTRACTO_256728330978625955057149_1059671258198438428245220_479639936823168180923985_7125545135786632657046_pdf..exe
Resource: win10v20210408
Malware Config
Extracted: remcos
databasepropersonombrecomercialideasearchwords.services:3521
Targets
Target: ADJUNTO_EXTRACTO_256728330978625955057149_1059671258198438428245220_479639936823168180923985_7125545135786632657046_pdf.
Score: 10/10
- Turns off Windows Defender SpyNet reporting
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext