General
Target: EXTRACTOSERFINANZA718365418101786154346661555.exe
Size: 1.8MB
Sample: 210429-5gdrcngdvs
MD5: 4b87651766b45ec78c2c9ea9a6951e5c
SHA1: 6fd91fe21ba350f55bd6f00d389986084d4e3852
SHA256: 6993ffac6e8c4020e152ce6ba165cf3efb429908340d2d9c02812dffc019cf0a
SHA512: f4e642008a9af3a91b55727636c0155dde65db1d811c776fd2ad7548ae18a52c5642ae6cfab04b9903bd642a10090ea27fe516bd94ddd9fed8af7b5b09c0fb46
Static task: static1
Behavioral task: behavioral1
Sample: EXTRACTOSERFINANZA718365418101786154346661555.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: EXTRACTOSERFINANZA718365418101786154346661555.exe
Resource: win10v20210410
Malware Config
Extracted
remcos
databasepropersonombrecomercialideasearchwords.services:3521
Targets
Target: EXTRACTOSERFINANZA718365418101786154346661555.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext