General
Target: WACKER - 000160847.xls
Size: 1.1MB
Sample: 200630-ng77a5pbve
MD5: 9e2c88810138b0856bda192ae70d34c4
SHA1: 579853532fadf08ef8ed7369d6d596af619bdf5a
SHA256: 612f288a358f6bfabc74937c10086107bede804413a5f6fd9e8f24f819669a0e
SHA512: eb6d05e14c0fcf4747970f3c1d9f227837a3ff04b88c5ad802c643453ee4978e4e080575016f4210e934d27a967e80cbf7c29f0e375a810be5067c94b52f1318
Static task: static1
Behavioral task: behavioral1
Sample: WACKER - 000160847.xls
Resource: win7
Malware Config
Extracted: http://officeservicecorp.biz/Lab.jpg
Targets
Target: WACKER - 000160847.xls
NetWire RAT payload
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blacklisted process makes network request
Suspicious use of SetThreadContext