General
Target: QQWUO898519.xls
Size: 39KB
Sample: 201126-yz3eb76lzs
MD5: 69544579d4a9498c3cd2b9c9aea28ef2
SHA1: a306c59cd211d8b7bd85e47106d35aba7958c803
SHA256: e3e9ec3c78971e8899852421651eafa00ab2cc04a2f11022bde16b4c6628a771
SHA512: 9eea4efcaf9ac62c01d29adf37e618d16b4a9b8e53e70ca53d37cb7c7c5956e73f6e0043b2b416146124724f7fce64398e27d2f6feea4bbab7f5d311c21a001e
Static task: static1
Behavioral task: behavioral1
Sample: QQWUO898519.xls
Resource: win7v20201028
Malware Config
Extracted: http://paste.ee/r/O1pw3
Extracted:
  httPs://z.zz.ht/k5BuP.txt
  httPs://paste.ee/r/LQdRk
Targets
Target: QQWUO898519.xls
Size: 39KB
MD5: 69544579d4a9498c3cd2b9c9aea28ef2
SHA1: a306c59cd211d8b7bd85e47106d35aba7958c803
SHA256: e3e9ec3c78971e8899852421651eafa00ab2cc04a2f11022bde16b4c6628a771
SHA512: 9eea4efcaf9ac62c01d29adf37e618d16b4a9b8e53e70ca53d37cb7c7c5956e73f6e0043b2b416146124724f7fce64398e27d2f6feea4bbab7f5d311c21a001e

Signatures
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Blacklisted process makes network request
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext