General
Target: Jc7rIzvMGq2Y04X5z29E.exe
Size: 1.1MB
Sample: 210505-ak2a5qdy7j
MD5: b2ca9a4f140ad9b0c7d4ee5270f80457
SHA1: 20a0bc87b558a4c1266f33b12f659f0e298d74cd
SHA256: 8ddbf9769d71a2b946894307864aa35aee8afb86a469a6c032b7eaa1225bc720
SHA512: 45d9f9c4aa3949cbebf2ccbb34bfc45843c81864cd9c3a510dd12d235b6d841537fcc1fd7749dbaf232bdd42513b4dd1ff9fcb79697f5cb0728f671718bd9996
Static task: static1
Behavioral task: behavioral1 (sample Jc7rIzvMGq2Y04X5z29E.exe, resource win7v20210410)
Behavioral task: behavioral2 (sample Jc7rIzvMGq2Y04X5z29E.exe, resource win10v20210410)
Malware Config
Extracted family: remcos
C2 (host:port): style.ptbagasps.co.id:42024
Targets
Target: Jc7rIzvMGq2Y04X5z29E.exe (1.1MB; same MD5/SHA1/SHA256/SHA512 as listed under General)
Score: 10/10
Signatures:
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext (setting the context of a thread in another process is the step process-hollowing loaders use to redirect execution into an injected image)
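The extracted Remcos C2 and the behavioural signatures above are the indicators a responder would hunt for on other hosts. The following is an added example, not part of the original report and not from the sandbox vendor: it hard-codes the report's file hashes and C2 host:port, then checks a handful of constructed Sysmon-style events (field names follow Sysmon's schema; the paths, SID and process images in them are made up for the example) for a Run-key addition, a file drop under System32 and a connection to the C2. The SetThreadContext signature is not covered, because Sysmon does not log that API call.

```python
"""Match the indicators from this sandbox report against Sysmon-style telemetry.

Added example: the IOC constants come from the report above; the sample
events are constructed for illustration and are not from the report.
"""
import hashlib
from typing import Dict, List

# Indicators taken from the report (SHA512 omitted only to keep the block short).
REPORT_HASHES = {
    "md5": "b2ca9a4f140ad9b0c7d4ee5270f80457",
    "sha1": "20a0bc87b558a4c1266f33b12f659f0e298d74cd",
    "sha256": "8ddbf9769d71a2b946894307864aa35aee8afb86a469a6c032b7eaa1225bc720",
}
C2_HOST = "style.ptbagasps.co.id"
C2_PORT = 42024

# Matching is done on lower-cased strings; "Run\" excludes RunOnce on purpose,
# since the report names the Run key specifically.
RUN_KEY_MARKER = "\\currentversion\\run\\"
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def hash_matches(data: bytes) -> Dict[str, bool]:
    """Compare a file's digests with the report's; one result per algorithm."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in REPORT_HASHES.items()
    }


def classify(event: Dict[str, object]) -> List[str]:
    """Return the report behaviours a single Sysmon-style event exhibits."""
    hits: List[str] = []
    eid = event.get("EventID")
    if eid == 13:  # RegistryEvent (Value Set)
        if RUN_KEY_MARKER in str(event.get("TargetObject", "")).lower():
            hits.append("run_key_persistence")
    elif eid == 11:  # FileCreate
        if str(event.get("TargetFilename", "")).lower().startswith(SYSTEM32_PREFIX):
            hits.append("system32_drop")
    elif eid == 3:  # NetworkConnect
        host = str(event.get("DestinationHostname", "")).lower().rstrip(".")
        port = int(event.get("DestinationPort", 0))
        if host == C2_HOST:
            # Same host on another port is still worth a look: Remcos configs
            # can carry several host:port pairs, the report lists one.
            hits.append("remcos_c2" if port == C2_PORT else "remcos_c2_host_other_port")
    return hits


def triage(events: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Aggregate findings per originating process image (sorted, de-duplicated)."""
    findings: Dict[str, set] = {}
    for ev in events:
        for hit in classify(ev):
            findings.setdefault(str(ev.get("Image", "<unknown>")), set()).add(hit)
    return {image: sorted(hits) for image, hits in findings.items()}


# Constructed events for this example (not taken from the report).
SAMPLE_IMAGE = "C:\\Users\\victim\\Jc7rIzvMGq2Y04X5z29E.exe"
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventID": 13, "Image": SAMPLE_IMAGE,
     "TargetObject": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Windows\\System32\\dropped.exe"},
    {"EventID": 11, "Image": SAMPLE_IMAGE,
     "TargetFilename": "C:\\Windows\\System32\\dropped.exe"},
    {"EventID": 3, "Image": SAMPLE_IMAGE,
     "DestinationHostname": "style.ptbagasps.co.id", "DestinationPort": "42024"},
    # Benign noise that must not match:
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationHostname": "ctldl.windowsupdate.com", "DestinationPort": "80"},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     "\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for image, hits in triage(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(hits))
```

Run against real telemetry, the events would come from the Sysmon operational log (or its SIEM export) rather than the inline list; the matching logic is unchanged. The hash check is the only part that needs the file itself, and it is deliberately exact-match: a repacked Remcos build will not share these digests, so treat the C2 host:port as the more durable indicator.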