General
-
Target
SecuriteInfo.com.Trojan.PackedNET.703.13913.18290
-
Size
1.7MB
-
Sample
210505-6ycxege7r2
-
MD5
56626bf21f8de8d051d744973cb2566c
-
SHA1
af13b7b6844342fd2b2784bb01df9a780be5acbe
-
SHA256
495e8980ae0b6b1c68d472e9ef3cdb5eb888f8d0be94309acaa35b20536ee859
-
SHA512
694b761b600301fbd0d87e725903686461dc008c9372776ab01600456581ffb18f875ce84037afca2dff244830b9a72f6a562e6e463d7001794b5daf941f4925
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PackedNET.703.13913.18290.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.PackedNET.703.13913.18290.exe
Resource
win10v20210408
Malware Config
Extracted
remcos
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996
Targets
Target
SecuriteInfo.com.Trojan.PackedNET.703.13913.18290
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-