Extracted

• • Target

    PO 00759411.exe

  • Size

    717KB

  • MD5

    8b95bfa95fe71502a5aa0f4a2c8a4057

  • SHA1

    cd162d754540a4a6083c3ab9ed1876749c7d87a3

  • SHA256

    158aae7be7b74ab461bb3afcb61d9385f7122ae86c89a32b33312be7d7ce3ec3

  • SHA512

    7ca8363fba2a01b23dd9ea669582ef7d9b04b9b6f7a2fe3fb09d4277cb435ea473473501be8ad7f41bd76264a861f0375d026a3327e3b051cccaca22a699359b

  • SSDEEP

    12288:bzt8QKGxDs2ePvIrxWOgSYJSFj4/uceTCEd1Gx7giPn8Ybtd58nnfy8sMYVM/a:bzKQRxA2kIrZPYJCYm1GhFf8YbtQnKVN

  Score

  10^/10

  guloaderremcosremotehostdiscoverydownloaderrat

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos

  • Checks QEMU agent file

    Checks presence of QEMU agent, possibly to detect virtualization.

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2