General
Target: NEW PURCHASE REQUIREMENT .xlsx
Size: 2.1MB
Sample: 210109-syfre9c8r6
MD5: 63fc87b0bb258315f3e229d16b933768
SHA1: 65fedd6ad7f14125a17b24831d66d31a57634ad5
SHA256: 5a814e460fc7723ec36e5f1451a7e0349bfce280c1f935b432378d666ce95044
SHA512: a576575deb7143a202f1f066e3582b36a094dbd0ad6aeef0eaf8f6ee76562339627c1b5c38c38be54f32c56f7f49cf0554e524661fe8c7bede793e8f6ef70ba4
Static task: static1
Behavioral task: behavioral1
Sample: NEW PURCHASE REQUIREMENT .xlsx
Resource: win7v20201028
Behavioral task: behavioral2
Sample: NEW PURCHASE REQUIREMENT .xlsx
Resource: win10v20201028
Malware Config
Extracted
remcos
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu:2017
Targets
Target: NEW PURCHASE REQUIREMENT .xlsx
Score: 10/10
ServiceHost packer
Detects ServiceHost packer used for .NET malware
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext