Extracted

• • Target

    Factura Serfinanza038612482397383420891150743.exe

  • Size

    3.3MB

  • MD5

    d3125370ba418b71a02b9365db6929d0

  • SHA1

    6b8430a8b5bd8965bbac50feac7255d631d41f5c

  • SHA256

    566f71be697a18778afe097f9461ef1fa7f6fbf0cf634995561e971814eae319

  • SHA512

    40807071b38bc0ec37d7d6f061d23e06017d9738bfa11b5383fce7d31a4c152bdd5090b3243c0bd28eb5676341e0b2dbc2d411cb6d53cc11276e94a2ae92b1eb

  Score

  10^/10

  remcosevasionpersistencerattrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos

  • Turns off Windows Defender SpyNet reporting

    evasion

  • Windows security bypass

    evasiontrojan

  • Nirsoft

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2