Register Login

sloganpng

top title background image

payment receipt#4630.exe

Status: finished

Submission Time: 2020-10-16 12:39:33 +02:00

Malicious

Trojan

Evader

Remcos GuLoader

Comments

Tags

Details

Analysis ID:
299140
API (Web) ID:
493382
Analysis Started:

2020-10-16 12:39:34 +02:00
Analysis Finished:

2020-10-16 12:47:38 +02:00
MD5:
ce66c1a1d4e070172bc0c8334b71d990
SHA1:
6523c8255c3793ea3a03cec671fcd18fdef73d37
SHA256:
209280cbe0960634238fd3363bf0f311fe8620c7a38ba06e12c23b6614cdc67b
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 90	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP	Country	Detection
193.161.193.99	Russian Federation
198.54.116.78	United States

Domains

Name	IP	Detection
recom-40698.portmap.io	193.161.193.99
mscni.org	198.54.116.78

URLs

Name	Detection
https://mscni.org/cos_SfvxT237.binn?
https://mscni.org/cos_SfvxT237.bin
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Click to see the 3 hidden entries
https://sectigo.com/CPS0
http://ocsp.sectigo.com0#
http://crt.sectigo.com/SectigoRSADomainValidation(

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Roaming\Frist\cos.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Frist\cos.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\install.vbs	data	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Roaming\cos\logs.dat	data	#