Extracted

Extracted

• • Target

    Awb_Shipping_confirmation_doc_010720257820020031808174CN18003010142025.bat.exe

  • Size

    595KB

  • MD5

    dd009056ed546d7cb3b75ef74f748ced

  • SHA1

    39fa6f07ceaf1d545c02702a18dcacc5c57acf0a

  • SHA256

    bfe72721ad2c670966f0d1a30af60b5d697731c31afdd028ee316d32ab2e4e17

  • SHA512

    e93e2802c0b8dab4a384bfdb5d54191438e21d1c7f0228c6f92b0382562d9948869f4ef4610d595e8775556197e4ae68f3e9dc35d6e82495cbc8976655a5ab2b

  • SSDEEP

    12288:UnPdM9EEXsp0807Vhc7PWf/EdNjxwxNkecc9waDhWC8muW:EPdM20/77cbc/Ezs9wgtuW

  Score

  10^/10

  guloaderlatentbotremcosmanifestdiscoverydownloaderpersistencerattrojan

  • Guloader family

    guloader

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos

  • Remcos family

    remcos

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2

• • Target

    $PLUGINSDIR/System.dll

  • Size

    12KB

  • MD5

    4add245d4ba34b04f213409bfe504c07

  • SHA1

    ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

  • SHA256

    9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

  • SHA512

    1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

  • SSDEEP

    192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr

  Score

  3^/10

  discovery
  behavioral3behavioral4