General
Target: ad94b98e49e2c5f974483313942e5968.exe
Size: 888KB
Sample: 210506-vw1rcyeps6
MD5: 4831c6d14c3a2135226c3e581bb4013f
SHA1: 44a2ce6196d4467b6ae78a625d346f9008935630
SHA256: 311e25c8370ed1c16a72cf163c48090f3e73495bc5fbc3a824635e9cc62f70e1
SHA512: c06db0e8e11f9d185f73a0e3786bc4b94904c532c3af50be0badc983d48b7aa66dec429e25de755bcfeadf371e48843f6531024acbd32afca9970991bc57da30
Static task: static1
Behavioral task: behavioral1
Sample: ad94b98e49e2c5f974483313942e5968.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: ad94b98e49e2c5f974483313942e5968.exe
Resource: win10v20210408
Malware Config
Extracted
remcos
sandshoe.myfirewall.org:2404
sandshoe.myfirewall.org:2415
Targets
Target: ad94b98e49e2c5f974483313942e5968.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext