General

Target: XEG.exe
Size: 1.8MB
Sample: 210511-9v983a7r5n
MD5: c92c34ed08c2495905803b41a57aa7f3
SHA1: 7a9cc21adf388ef89d9056dd58c556d747021593
SHA256: 72849c508e7534ebab7eb520f72ba0e7811ea7bb01a37400e1031c176d84b23a
SHA512: 01a4dcff6c1f4bee51cbc9dbcba59d9434e16cc4cad35078785ab349161457a8ca538eda6493376bbac9b17cf8a29d76335c7228394a9831ee42e0aa5134b554

Static task: static1

Behavioral task: behavioral1
Sample: XEG.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: XEG.exe
Resource: win10v20210408

Malware Config

Extracted: remcos
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996
Targets
Score: 10/10

Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext