General
Target: COVID 19 IVN AND CREW LIST.xlsx
Size: 628KB
Sample: 210505-lj1ez6axzx
MD5: c64491aa41027a5b0df3658bbc85ae47
SHA1: dee8920d1755a26544f73cfbc66a0abb9aca7670
SHA256: 5299caa8131b3b21fb96123e8b9d0ce675bfa5287df1e0703e192e5087e40591
SHA512: f70e1efab4dff9f781b7a7312cb144d8f10a5691d4b560d0b5f77a96d3d33ce66f264a7f32e061a60bfe19cfe7c74ee1974e3f1d35ffc8807b05fb7614b279a9
Static task: static1
Behavioral task: behavioral1
Sample: COVID 19 IVN AND CREW LIST.xlsx
Resource: win7v20210408
Behavioral task: behavioral2
Sample: COVID 19 IVN AND CREW LIST.xlsx
Resource: win10v20210410
Malware Config
Extracted
remcos
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996
Targets
Target: COVID 19 IVN AND CREW LIST.xlsx
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext