General
-
Target
Factura Serfinanza051053709735077235764653194.exe
-
Size
3.3MB
-
Sample
210506-ctpzemhvaa
-
MD5
8e3a6cfb86a8c0696133c3526fe9f04b
-
SHA1
0f35083e3cbffe8eabd59f84c5a0e58c3a284c2a
-
SHA256
673500aef66cdad3be016e872ca2cf17bd814857bf53f7ef24a0f534a3a47dcd
-
SHA512
ed74bfc86a85b64ebddbc50a170ed63245f872a72a682c21a3b80776ebba8f54d3042b7750d7d61dcfde9b9b5884b277765cfae51c2ec538df6cffe4ba431b28
Malware Config
Extracted
remcos
databasepropersonombrecomercialideasearchwords.services:3521
Targets
-
-
Target
Factura Serfinanza051053709735077235764653194.exe
-
Size
3.3MB
-
MD5
8e3a6cfb86a8c0696133c3526fe9f04b
-
SHA1
0f35083e3cbffe8eabd59f84c5a0e58c3a284c2a
-
SHA256
673500aef66cdad3be016e872ca2cf17bd814857bf53f7ef24a0f534a3a47dcd
-
SHA512
ed74bfc86a85b64ebddbc50a170ed63245f872a72a682c21a3b80776ebba8f54d3042b7750d7d61dcfde9b9b5884b277765cfae51c2ec538df6cffe4ba431b28
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Turns off Windows Defender SpyNet reporting
-
Windows security bypass
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-