General
-
Target
EXTRACTOSERFINANZA989543704031499704092798964.exe
-
Size
1.8MB
-
Sample
210429-s8hxpfxxxs
-
MD5
2e91e5e3d39ce4155edad4f2a3acf916
-
SHA1
58adf5d60d9da823a4fd62282c0c46134e20e47b
-
SHA256
eb9e13fd092522e4dde08e96961117f9926e3ef70ca3b225f8c388e476541a21
-
SHA512
5d27cd110e8d62d6d3e48f20ecd09c715fe5a98e7c9ce8042559f1d6e8a6ce0d666d262a536b2376b8e2d99beb7ce50dd53e238e2f37df118630945b5cbb4b87
Static task
static1
Behavioral task
behavioral1
Sample
EXTRACTOSERFINANZA989543704031499704092798964.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
EXTRACTOSERFINANZA989543704031499704092798964.exe
Resource
win10v20210410
Malware Config
Extracted
remcos
databasepropersonombrecomercialideasearchwords.services:3521
Targets
-
Target
EXTRACTOSERFINANZA989543704031499704092798964.exe
-
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-