General
Target: RFQ-00205-0305.exe
Size: 753KB
Sample: 210503-za3tfs6xkn
MD5: 621cb2fb281f8fc1a1e0bfdbd317570e
SHA1: 378b0726c6d90a9ba4c3f58ca4bef518e6ef6410
SHA256: 4969dc5e2b7349e189cdc079c2e9e02014e559d1315564b6d6fd18eeb252c605
SHA512: bc257309d57129ae19402e25be0b69243f7fdc9686d0d690d9ce4357f311d0487bfa05569f79e530ba3b936dee55e7137b3ccb73cd660830c823da482c8ce5ba
Static task: static1
Behavioral task: behavioral1
Sample: RFQ-00205-0305.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: RFQ-00205-0305.exe
Resource: win10v20210408
Malware Config
Extracted
remcos
style.ptbagasps.co.id:42024
Targets
Target: RFQ-00205-0305.exe
Size: 753KB
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Suspicious use of SetThreadContext