General
Target: QuotationInvoices.exe
Size: 516KB
Sample: 210222-hvtvwgjmcx
MD5: 9c51e2991c6c9708d783aab030dcc0da
SHA1: 64accc9e3f84e7365d8236c580b9644427e3f9e3
SHA256: 572a6a6fa5277c2b4cc040710694d33b2def62ab74e2801893d33e92e7b105af
SHA512: c8725d2abba8f2ae1c483d948f2909ff73736e4efa415d6a26f91cf2226431720b13f15868b4177d8b581287a1d41c4c051913a0faf8f95f599f14b5133ab5b0
Static task: static1
Behavioral task: behavioral1
Sample: QuotationInvoices.exe
Resource: win7v20201028
Malware Config
Extracted
remcos
greatglass.servebeer.com:1961
Targets
Target: QuotationInvoices.exe
- Loads dropped DLL
- Suspicious use of SetThreadContext