General
Target: SCAN_ORDER & SAMPLES.pif
Size: 987KB
Sample: 210430-xm5e9lb2ea
MD5: b00712611beb7399b2d3aaca876eb5a9
SHA1: 25b5ada90dfee19a99b17eaf2495c347ed21cafe
SHA256: 32c3d29676757629b7ceeafd699c33c14147a79fc07a54889e6f66cd5118b123
SHA512: d1f342d17c2f8434c6b7728d31871bce83c9d3f96dbc1bdfd3aff29abfdc5e88853fefb6b195c3ad01f76e31ce0b4c820a1732c53fb94da8441f7e61932476ad
Static task: static1
Behavioral task: behavioral1
Sample: SCAN_ORDER & SAMPLES.pif.exe
Resource: win7v20210408
Malware Config
Extracted
remcos
remcoswealth.ddns.net:59239
Targets
Target: SCAN_ORDER & SAMPLES.pif
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Suspicious use of SetThreadContext