General
Target: MV Caribe Angela.xlsx
Size: 179KB
Sample: 200713-8d1cmjn57j
MD5: 1b402debe2be6e5bf91e932a8f0c9886
SHA1: 3d3053788758dcb747a49b20489cde5cec64a3ea
SHA256: 5e2759a3bbbbf9e8cd16ece86e9fafe5495810e798bbb355af61eb4ec175cae5
SHA512: 20d9137b2e0d709abbb7edb478a4c3c84817c652d3b40ca4e492aae663ba502cf03bf916fde5aea1056e3591e9cc93f29ec3d71d907ff1e2da5af78153a6e886
Static task: static1
Behavioral task: behavioral1
Sample: MV Caribe Angela.xlsx
Resource: win7
Behavioral task: behavioral2
Sample: MV Caribe Angela.xlsx
Resource: win10v200430
Malware Config
Targets
Target: MV Caribe Angela.xlsx
- Blacklisted process makes network request
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Uses the VBS compiler for execution
- Adds Run entry to start application
- Suspicious use of SetThreadContext