General

Target: New order.xlsm
Size: 92KB
Sample: 200709-lt1vf1h6gx
MD5: 2433e76542036ab53b138a98eeda548a
SHA1: fa75a6ce57ec974345eb05a9d5e587a1eef772be
SHA256: 148a026124126abf74c390c69fbd0bcebce06b600c6a35630cdce29a85a765fc
SHA512: 3ae2f70b3d39d85d1befea180ee75815abb20349a90cf3678db2e001d5ac362f68230e30680c897e33a05a6dbc1d8a776505751da043797b15327bb38251d243
Static task: static1
Behavioral task: behavioral1 (sample: New order.xlsm, resource: win7v200430)
Behavioral task: behavioral2 (sample: New order.xlsm, resource: win10)
Malware Config

Extracted URL: http://sagc.be/svc.exe
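The report gives a hash set for the sample and one extracted URL. The script below is an added example of how an analyst would use those indicators for offline static triage of a suspicious .xlsm; it is not part of the report and not the sandbox's own code. It assumes the file is an OOXML ZIP container (so a VBA project lives at xl/vbaProject.bin), and the sample workbook it builds is a constructed stand-in whose vbaProject.bin member is a plain-text placeholder rather than a real OLE stream. The indicator values are the ones listed on this page.

```python
import hashlib
import io
import zipfile

# Indicators taken from this report: hashes of the analysed "New order.xlsm"
# and the URL its extracted configuration points at.
KNOWN_BAD_SHA256 = {"148a026124126abf74c390c69fbd0bcebce06b600c6a35630cdce29a85a765fc"}
KNOWN_BAD_MD5 = {"2433e76542036ab53b138a98eeda548a"}
EXTRACTED_URLS = {"http://sagc.be/svc.exe"}


def file_hashes(data: bytes) -> dict:
    """Hash the whole file with the four digests the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_known_ioc(data: bytes, sha256_set=KNOWN_BAD_SHA256, md5_set=KNOWN_BAD_MD5) -> bool:
    """True if the file's SHA256 or MD5 is on the block list (SHA256 is the one to trust)."""
    h = file_hashes(data)
    return h["sha256"] in sha256_set or h["md5"] in md5_set


def ooxml_parts(data: bytes) -> list:
    """List the ZIP members of an OOXML file; a non-ZIP '.xlsm' returns [] (itself a red flag)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def has_vba_project(parts) -> bool:
    """Macro-enabled workbooks carry their VBA project as xl/vbaProject.bin."""
    return any(p.lower() == "xl/vbaproject.bin" for p in parts)


def indicator_urls_present(data: bytes, parts) -> set:
    """Scan every ZIP member for the report's URL in clear text.
    Caveat: VBA module source inside vbaProject.bin is MS-OVBA compressed, so a
    miss here is not a clean bill; use oletools' olevba for real macro extraction."""
    found = set()
    if not parts:
        return found
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for p in parts:
            blob = zf.read(p)
            found.update(u for u in EXTRACTED_URLS if u.encode() in blob)
    return found


def triage(data: bytes) -> dict:
    """One-shot static verdict: hashes, IoC match, container sanity, VBA presence, URL hits."""
    parts = ooxml_parts(data)
    return {
        "hashes": file_hashes(data),
        "known_ioc": matches_known_ioc(data),
        "is_ooxml": bool(parts),
        "has_vba": has_vba_project(parts),
        "urls_seen": sorted(indicator_urls_present(data, parts)),
    }


def build_constructed_sample() -> bytes:
    """Constructed stand-in for a macro-enabled workbook; NOT the analysed file.
    The vbaProject.bin member is a plain-text placeholder, not a real OLE stream."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/vbaProject.bin", "placeholder http://sagc.be/svc.exe placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    import json
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_sample()
    print(json.dumps(triage(data), indent=2))
```

Run it with a file path to triage a real workbook, or with no arguments to see the verdict on the constructed sample. Match on SHA256 rather than MD5 when deciding; the MD5 is kept only because feeds still publish it.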
Targets

Target: New order.xlsm
Size: 92KB
MD5 / SHA1 / SHA256 / SHA512: as listed under General above
Score: 10/10

Signatures:
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers. Infostealers often target stored browser data, which can include saved credentials.
- Adds Run entry to start application (persistence via a Run registry key)
- Suspicious use of SetThreadContext (commonly seen in process hollowing and other code injection)
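The behavioral signatures above are the kind of thing a host-based detection would reproduce from process, network and registry telemetry. The rules below are an added example, not the sandbox's signature engine, and the event stream they run over is constructed to match the report's signatures rather than captured from the sample: the file paths, the process names and the Run value name are assumptions. The only indicator taken from the page is the host of the extracted URL. The Office child-process allowlist is also an assumption and must be tuned per environment.

```python
# Sysmon-style process, network and registry events modelled as plain dicts.
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Children an Office app is allowed to spawn in this example (assumption; tune per environment).
ALLOWED_OFFICE_CHILDREN = {"splwow64.exe"}
# User-writable locations where a downloaded payload typically lands.
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")
# Host of the URL the report extracted from the sample.
IOC_HOSTS = {"sagc.be"}
RUN_KEY_MARKER = "\\currentversion\\run\\"


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events) -> set:
    """Return the set of report-style signature names that fire on the event stream."""
    alerts = set()
    for e in events:
        if e["event"] == "process_create":
            parent, child = basename(e["parent_image"]), basename(e["image"])
            if parent in OFFICE_APPS and child not in ALLOWED_OFFICE_CHILDREN:
                alerts.add("Process spawned unexpected child process")
            if child.endswith(".exe") and any(d in e["image"].lower() for d in DROP_DIRS):
                alerts.add("Executes dropped EXE")
        elif e["event"] == "network_connect":
            if basename(e["image"]) in OFFICE_APPS:
                alerts.add("Blacklisted process makes network request")
            if e.get("dest_host", "").lower() in IOC_HOSTS:
                alerts.add("Network request to host from extracted config")
        elif e["event"] == "registry_set":
            if RUN_KEY_MARKER in e["target_object"].lower():
                alerts.add("Adds Run entry to start application")
    return alerts


# Constructed event stream (not sandbox output), shaped after the report's signatures.
MALICIOUS_EVENTS = [
    {"event": "network_connect",
     "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
     "dest_host": "sagc.be", "dest_port": 80},
    {"event": "process_create",
     "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
     "image": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"},
    {"event": "registry_set",
     "image": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe",
     "target_object": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"},
]

# Constructed benign activity that must stay quiet: a print helper spawned by Word,
# a browser talking to an unrelated host, and a non-Run registry write.
BENIGN_EVENTS = [
    {"event": "process_create",
     "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "image": "C:\\Windows\\splwow64.exe"},
    {"event": "network_connect",
     "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "dest_host": "example.com", "dest_port": 443},
    {"event": "registry_set",
     "image": "C:\\Windows\\explorer.exe",
     "target_object": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"},
]

if __name__ == "__main__":
    for name, stream in (("malicious", MALICIOUS_EVENTS), ("benign", BENIGN_EVENTS)):
        print(name, sorted(detect(stream)))
```

The Office-parent rule is the high-value one: an Excel process that spawns an executable from a temp directory and then writes a Run key is the whole chain the report scores 10/10, and each step is visible in ordinary process-creation, network and registry telemetry.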