General
-
Target
674457.xlsm
-
Size
48KB
-
Sample
200713-7gqreghvfx
-
MD5
7dea468f495bfad5b8eacb2abe0ecd27
-
SHA1
9da52def8e221d8e9d394931e77fd5441930f351
-
SHA256
1943b72d34dbaf3abb226d62d68a4d27fe012c8a978ef1d32e393172d4b201d7
-
SHA512
9658a234116bbc5ac22a9b6c26d8a73c9b133cc51716f8f6bf2ec36f021f4d6b60fe5734942099ba1c78ecb74176b7f47985d792396bf7e317c891d582f12169
Static task
static1
Behavioral task
behavioral1
Sample
674457.xlsm
Resource
win7v200430
Behavioral task
behavioral2
Sample
674457.xlsm
Resource
win10v200430
Malware Config
Targets
Target
674457.xlsm
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-