General
Target: 2021 NEW PURCHASE REQUIREMENT.xlsx
Size: 1.4MB
Sample: 210113-dh486kskcj
MD5: c12a39b32626cd2b4ca80d41ffa7a24c
SHA1: 2105a2bc2161e9adfa0d3e087e43a466b9f5df58
SHA256: baac57b1f64f5d6e9eeadc84424db056fe253119f0f1bf4b2f2b55f940bce4ab
SHA512: f9a0ed261feea72e6bc128475db4ae5f239ade26937f1b5a645ad5c8d7face344c8ba3a90fbed5679bcd19207e66a52e2cebd5ed210b82d6590eb10a7486ea22
Static task
static1
Behavioral task
behavioral1
Sample
2021 NEW PURCHASE REQUIREMENT.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
2021 NEW PURCHASE REQUIREMENT.xlsx
Resource
win10v20201028
Malware Config
Extracted
remcos
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu:2017
Targets
Target
2021 NEW PURCHASE REQUIREMENT.xlsx
Score: 10/10
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext