General
Target: Document931215825.xls
Size: 53KB
Sample: 201211-zh128fnl2n
MD5: ef687c6dd0731d96d622ac024974a35b
SHA1: 907be2046fd958898fa14be35f567cbb30e5e8bb
SHA256: 829419a788104ec45e82487738be2779a83cac1b65bfc9343e351e75cfa49f5e
SHA512: 64c3ff8bcab43efaa971816463a620f02f760c84c60daa96d1937046b746156ab8f8461d6c68051e198e156b24133831fc663779c4f389f92ef146b6eb6a3fc5
Static task: static1
Behavioral task: behavioral1
Sample: Document931215825.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Document931215825.xls
Resource: win10v20201028
Malware Config
Targets
Target: Document931215825.xls
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.