General
-
Target
2021 NEW PURCHASE REQUIREMENT .xlsx
-
Size
1.9MB
-
Sample
210112-p5mfldlc9x
-
MD5
61c601674bb718dfbfb466c613e481ad
-
SHA1
f94bb9d92c0fdf08043438f3e921e1547aa60cad
-
SHA256
e7d76442af18fc1784adc2191d9ee6d078b3ba402a2465a6f061def541dd5138
-
SHA512
359c26536607d41185b190319d413ff0e478fb5861e5897682dc6dd3ed7ef5310463f3692afdc3412ae56468025e1cb6e7ecfe2bf6eb36a0f7cb05086b502c50
Static task
static1
Behavioral task
behavioral1
Sample
2021 NEW PURCHASE REQUIREMENT .xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
2021 NEW PURCHASE REQUIREMENT .xlsx
Resource
win10v20201028
Malware Config
Extracted
remcos
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu:2017
Targets
-
Target
2021 NEW PURCHASE REQUIREMENT .xlsx
-
Score
10/10
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-