Extracted

• • Target

    offer_05634.xlsm

  • Size

    115KB

  • MD5

    3e0bbe29e435b2a5bf66091b2bc4efcf

  • SHA1

    af4abd629cf997d80e2a57a37c4fd6408097e324

  • SHA256

    27ba6b6b56747320708fc658ba659bc5d3f77545453ee879cfc6ae210636786c

  • SHA512

    1acd893cd2d57573221dec7ec553eb7f513902d34c8669c15469ec1ca5829d6524cc5c4623c9cf39e863d6203e83343ac1915d2ee24a6be0a2eafdfa353d5c4c

  Score

  10^/10

  hancitorpony0405_784793234downloaderratspywarestealer

  • Hancitor

    Hancitor is downloader used to deliver other malware families.

    downloaderhancitor

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Process spawned suspicious child process

    This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2