General
-
Target
Factura Serfinanza023854786775241209783648129.exe
-
Size
3.3MB
-
Sample
210506-mlwvamex4s
-
MD5
3b36fe43f9384fcbdfe4e1072890dd97
-
SHA1
6acaffd1dd94af1f93a625158a6cf96797363d20
-
SHA256
5644ffdefed81871ac28af49ae9bf45eee20fe6742da2b07f2c71badac020c1c
-
SHA512
7f8e82c4e60961a690dd30b932462ff1743c581ea1b7259aac7b7ca59b4633e5809497d60d50df8d6d06d326551c15e922478d137c3de8596a76639732c58a9b
Static task
static1
Behavioral task
behavioral1
Sample
Factura Serfinanza023854786775241209783648129.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Factura Serfinanza023854786775241209783648129.exe
Resource
win10v20210408
Malware Config
Extracted
remcos
databasepropersonombrecomercialideasearchwords.services:3521
Targets
Target
Factura Serfinanza023854786775241209783648129.exe
-
Score
10/10
-
Turns off Windows Defender SpyNet reporting
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-