General
Target: Request for Quotation.exe
Size: 241KB
Sample: 210223-nzxy42x2fn
MD5: ae4bd6c5a7eaa50704d43d6054fc5dbd
SHA1: ab597cfc0433999f2032c56fe2c9e17081bcab46
SHA256: 8e51354c8b2f461ab0cfb92409bc45bf4e06ae244080513e2d6224dc22f47771
SHA512: b7b0b772a5e9e969f3d5389c1c12f053a5b3a7aa774fffa3a2dac8903df09a2a6b9d242a4f1fb63602d7581226ec647be44139d27aacd82dbec6242bcd3bab43
Static task: static1
Behavioral task: behavioral1
Sample: Request for Quotation.exe
Resource: win7v20201028
Malware Config
Extracted: remcos
103.89.88.238:4299
Targets
Target: Request for Quotation.exe
Size: 241KB
MD5: ae4bd6c5a7eaa50704d43d6054fc5dbd
SHA1: ab597cfc0433999f2032c56fe2c9e17081bcab46
SHA256: 8e51354c8b2f461ab0cfb92409bc45bf4e06ae244080513e2d6224dc22f47771
SHA512: b7b0b772a5e9e969f3d5389c1c12f053a5b3a7aa774fffa3a2dac8903df09a2a6b9d242a4f1fb63602d7581226ec647be44139d27aacd82dbec6242bcd3bab43
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Loads dropped DLL
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext