General
- Target: W0rd.dll
- Size: 459KB
- Sample: 210113-85g6qzbks2
- MD5: 075ef6a3a24b3c4cfef8e89b8e0836f9
- SHA1: f689fa2dc167400badf68c8348814fc502d3bd30
- SHA256: ce2449b7f600b0317614419159e9364e1a76613ac0cb112c88be171638573049
- SHA512: 03f62f12b1bd4740e1d35da2e2087a47eb62477d65bd9a5794b504e5a7badbce7b3de6246e9fd38e5e1f6c9a7484841f5b0914bee39f126d42c9ea71f554319f
Static task: static1
Behavioral task: behavioral1 (Sample: W0rd.dll, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: W0rd.dll, Resource: win10v20201028)
Malware Config
Targets
- Target: W0rd.dll
- Size: 459KB
- MD5: 075ef6a3a24b3c4cfef8e89b8e0836f9
- SHA1: f689fa2dc167400badf68c8348814fc502d3bd30
- SHA256: ce2449b7f600b0317614419159e9364e1a76613ac0cb112c88be171638573049
- SHA512: 03f62f12b1bd4740e1d35da2e2087a47eb62477d65bd9a5794b504e5a7badbce7b3de6246e9fd38e5e1f6c9a7484841f5b0914bee39f126d42c9ea71f554319f
Score: 10/10
- Blocklisted process makes network request
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext