General
Target: W0rd.dll
Size: 459KB
Sample: 210113-6f9jdyfm9e
MD5: 42110f172919873c9223905914aa5d50
SHA1: 8d4f5109d6a415208c9040a11e1349ff7485f4b0
SHA256: 288fdf9c64da0251107df7f1c3283f328279ad581710a9cf71f67e53b0b1684d
SHA512: 3b5e9cabe445891663926e8c21eac6634c5de7487863179965b1b5ecaff3a664427894d3e1f7d45203c7cb593f26c2786d47c77f8ab7b5ae8bbe726677b19501
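The hash set above is the report's file-level IOC. The following is an added example, not part of the sandbox report, showing how a practitioner would verify a file against those four digests and keep the verdict honest: only a match on every digest identifies this exact build, and the listed size is rounded, so it is reported but not used as a match criterion. The function names (`compute_hashes`, `match_report`, `check_file`) are this example's own.

```python
"""Verify a file against the digests recorded for W0rd.dll (added example)."""
import hashlib

# Values copied from the report's General section. "459KB" is rounded in the
# report, so the size is informational only and not part of the match.
REPORT_IOCS = {
    "md5": "42110f172919873c9223905914aa5d50",
    "sha1": "8d4f5109d6a415208c9040a11e1349ff7485f4b0",
    "sha256": "288fdf9c64da0251107df7f1c3283f328279ad581710a9cf71f67e53b0b1684d",
    "sha512": "3b5e9cabe445891663926e8c21eac6634c5de7487863179965b1b5ecaff3a664"
              "427894d3e1f7d45203c7cb593f26c2786d47c77f8ab7b5ae8bbe726677b19501",
}
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_report_digests(iocs=REPORT_IOCS):
    """Catch copy/paste damage: every digest must be lowercase hex of the right length."""
    return all(
        len(iocs[name]) == length and all(c in "0123456789abcdef" for c in iocs[name])
        for name, length in DIGEST_HEX_LEN.items()
    )


def compute_hashes(data):
    """Compute all four digests over one in-memory buffer."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in DIGEST_HEX_LEN}


def match_report(data, iocs=REPORT_IOCS):
    """Compare a buffer's digests with the report and classify the result.

    A partial match (some digests equal, some not) cannot happen for a genuine
    file and means the recorded IOC values themselves are inconsistent.
    """
    digests = compute_hashes(data)
    matched = [n for n in DIGEST_HEX_LEN if digests[n] == iocs[n]]
    mismatched = [n for n in DIGEST_HEX_LEN if digests[n] != iocs[n]]
    if not mismatched:
        verdict = "identical sample"
    elif matched:
        verdict = "inconsistent IOC set: partial digest match"
    else:
        verdict = "different file"
    return {
        "size": len(data),
        "digests": digests,
        "matched": matched,
        "mismatched": mismatched,
        "verdict": verdict,
    }


def check_file(path, iocs=REPORT_IOCS):
    """Read a file from disk and match it against the report."""
    with open(path, "rb") as fh:
        return match_report(fh.read(), iocs)


if __name__ == "__main__":
    import sys
    result = check_file(sys.argv[1])
    print(result["verdict"], result["size"], "bytes")
    for name, value in result["digests"].items():
        print(f"  {name}: {value}")
```

Run it as `python check.py <file>`; a "different file" verdict on a sample that behaves like this one simply means a different build, and the behavioral signatures below are the better pivot in that case.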
Static task: static1
Behavioral task: behavioral1, sample W0rd.dll, resource win7v20201028
Behavioral task: behavioral2, sample W0rd.dll, resource win10v20201028
(the two resources are the Windows 7 and Windows 10 analysis VM images the sample was detonated on)
Malware Config
Targets
Target: W0rd.dll
Size: 459KB
MD5: 42110f172919873c9223905914aa5d50
SHA1: 8d4f5109d6a415208c9040a11e1349ff7485f4b0
SHA256: 288fdf9c64da0251107df7f1c3283f328279ad581710a9cf71f67e53b0b1684d
SHA512: 3b5e9cabe445891663926e8c21eac6634c5de7487863179965b1b5ecaff3a664427894d3e1f7d45203c7cb593f26c2786d47c77f8ab7b5ae8bbe726677b19501
Score: 10/10
- Blocklisted process makes network request
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The report does not name the service, and legitimate software queries such services too, so treat this as a corroborating signal alongside the other signatures rather than an alert on its own.
- Suspicious use of SetThreadContext: writing another thread's context is the usual marker of process hollowing or thread hijacking; the report does not name the target process.