General
Target: SecuriteInfo.com.Variant.Bulz.368783.31325.6282
Size: 35KB
Sample: 210223-7e7n45j8a6
MD5: 741ae9506bfb256797b80215497abbd8
SHA1: b637b9f383276cf58a6d0c2190213e6df681821f
SHA256: 13bde9ef7157ee47c6906c69e6fe0d810b04ce60b8b4f2e74743da33e526dbf2
SHA512: bd0e675ca7dcfa64521ab67a01edcaff601a4dd6b696337d26f3d6c1bfa3be250ed739283ae634a016585ce56a40cb555144c53815009c7f3d1b902a9f2622c0

Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Bulz.368783.31325.6282.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Variant.Bulz.368783.31325.6282.exe
Resource: win10v20201028

Malware Config
Extracted: remcos
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996

Targets
Target: SecuriteInfo.com.Variant.Bulz.368783.31325.6282
Size: 35KB
MD5: 741ae9506bfb256797b80215497abbd8
SHA1: b637b9f383276cf58a6d0c2190213e6df681821f
SHA256: 13bde9ef7157ee47c6906c69e6fe0d810b04ce60b8b4f2e74743da33e526dbf2
SHA512: bd0e675ca7dcfa64521ab67a01edcaff601a4dd6b696337d26f3d6c1bfa3be250ed739283ae634a016585ce56a40cb555144c53815009c7f3d1b902a9f2622c0
Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext