General
-
Target
Scan Order & Samples.zip
-
Size
666KB
-
Sample
210430-hn4qmybtza
-
MD5
204fd1402e1d989febeca251c451ae69
-
SHA1
cd433484b13c919a8e6bbcd233c6812e7d63e39b
-
SHA256
4ac29ae6662d7d435682912253ba40eeba34dd7e1cf9b03654a4a6ac22d1faf8
-
SHA512
1bb1a83157d2ac3320c99e8c2242c796b01ffac722f5c51afd18eaba71a196a051470a579bc61aa7856fc7cb04d1951f60dfb2bb22d1b50755abe0b803786acf
Static task
static1
Behavioral task
behavioral1
Sample
Order Confirmation SO131873.pdf
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Order Confirmation SO131873.pdf
Resource
win10v20210410
Behavioral task
behavioral3
Sample
SCAN_ORDER & SAMPLES.pif.exe
Resource
win7v20210408
Malware Config
Extracted
remcos
remcoswealth.ddns.net:59239
Targets
-
-
Target
Order Confirmation SO131873.pdf
-
Size
76KB
-
MD5
65b409d1799c0dad747e565350aaa582
-
SHA1
d452ea1914e93447163b7768fc73f215838082ba
-
SHA256
7281a07e3e77fa32578f840b57fdd3fc20d7b25c934447df445ade25fd0395db
-
SHA512
7aadd3e03b0491298abd708443bcc68b8e80da68bda54d750e9d8e4876a483052819f04e4be37999ef4bc13e97d5a0e882716b1cd40cc0d395a1e83878e0c137
Score
1/10
-
-
Target
SCAN_ORDER & SAMPLES.pif
-
Size
987KB
-
MD5
b00712611beb7399b2d3aaca876eb5a9
-
SHA1
25b5ada90dfee19a99b17eaf2495c347ed21cafe
-
SHA256
32c3d29676757629b7ceeafd699c33c14147a79fc07a54889e6f66cd5118b123
-
SHA512
d1f342d17c2f8434c6b7728d31871bce83c9d3f96dbc1bdfd3aff29abfdc5e88853fefb6b195c3ad01f76e31ce0b4c820a1732c53fb94da8441f7e61932476ad
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-