Extracted

• • Target

    Factura Serfinanza085399218111227761873550570.exe

  • Size

    3.2MB

  • MD5

    8ba405455cf8c6776dc01cce9faef2ee

  • SHA1

    f8b3e8ae0c018abd50dbc7fa4d9e50760fdf32f1

  • SHA256

    17828f7e3aa63c317b04baf8c3dbd4e069c12f66f45ae438094ae17cb7f5c7b9

  • SHA512

    7e7da9f56e5fdd7da68f052e85e5a8a5091f2d4de03b75cf582e979505c2d755eb889459f8fe9ce95a57b5dfe5e47e2a5703dd6d23d94cc146de381c0aae0fd2

  Score

  10^/10

  remcosevasionpersistencerattrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos

  • Turns off Windows Defender SpyNet reporting

    evasion

  • Windows security bypass

    evasiontrojan

  • Nirsoft

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2