General
Target: SERFINANZA_EXTRACTO_9429299304353174728403_23412551137329424487110_9573524169573054383615259_639869929291807056373_pdf.e
Size: 3.3MB
Sample: 210506-x4t9lz52bs
MD5: 2167310bfc6911706be2abfadbb25a07
SHA1: 973e9cdaae27067d21bd2ed290ee2fb3139e3f6a
SHA256: a11a2be54b4e16b1ad08516b46da1ded79de8b7a31e4cf7537e21abce1639816
SHA512: 713f1d20e27f2d19ffb83a5a20043e045ad6a42b7487eb7d945350ecb91035ae8049ff603785e25ac131b1e49ca4ecb5e478ebbeb39104b1b883b706835ec8a7
Static task: static1
Behavioral task: behavioral1
  Sample: SERFINANZA_EXTRACTO_9429299304353174728403_23412551137329424487110_9573524169573054383615259_639869929291807056373_pdf.e.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: SERFINANZA_EXTRACTO_9429299304353174728403_23412551137329424487110_9573524169573054383615259_639869929291807056373_pdf.e.exe
  Resource: win10v20210408
Malware Config
Extracted: remcos
databasepropersonombrecomercialideasearchwords.services:3521
Targets
Target: SERFINANZA_EXTRACTO_9429299304353174728403_23412551137329424487110_9573524169573054383615259_639869929291807056373_pdf.e
Size: 3.3MB
MD5: 2167310bfc6911706be2abfadbb25a07
SHA1: 973e9cdaae27067d21bd2ed290ee2fb3139e3f6a
SHA256: a11a2be54b4e16b1ad08516b46da1ded79de8b7a31e4cf7537e21abce1639816
SHA512: 713f1d20e27f2d19ffb83a5a20043e045ad6a42b7487eb7d945350ecb91035ae8049ff603785e25ac131b1e49ca4ecb5e478ebbeb39104b1b883b706835ec8a7
Score: 10/10
- Turns off Windows Defender SpyNet reporting
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext