General
-
Target
Vessel Doc.xlsm
-
Size
51KB
-
Sample
200709-fd6pfgtwtn
-
MD5
72f51b4c2716e361a9e2d2fc602dd87a
-
SHA1
8fe3c6e18ac9f56746ad3460976c8a8496a85ea8
-
SHA256
83d3fbe275cdaf290cbe7b9b9e6ac3283992a23a5138604c31f5f698d97b9249
-
SHA512
0033afeba21d012c5924c87c56d447abaf83484b32e283c40ec2af3f9c8cb608659020f1f8eaca73d17da6b4bb43df997eca90c209bafd98413d432164be46f8
Malware Config
Targets
-
-
Target
Vessel Doc.xlsm
-
Size
51KB
-
MD5
72f51b4c2716e361a9e2d2fc602dd87a
-
SHA1
8fe3c6e18ac9f56746ad3460976c8a8496a85ea8
-
SHA256
83d3fbe275cdaf290cbe7b9b9e6ac3283992a23a5138604c31f5f698d97b9249
-
SHA512
0033afeba21d012c5924c87c56d447abaf83484b32e283c40ec2af3f9c8cb608659020f1f8eaca73d17da6b4bb43df997eca90c209bafd98413d432164be46f8
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-