General
Target: W0rd.bin
Size: 459KB
Sample: 210113-ejamrkj5bn
MD5: 3f0014063c90ac8a25046d0f5f16937d
SHA1: 8718a50b294ca70fa387a2609a1e5712f5b84123
SHA256: c5385df4db1e69b06cf36f4481365d1101679a5764d721e369ea1d5d4c4b6b2c
SHA512: 5bd7ec11db8a61ae53537eabc81809972c4ca8c61473db9067cf49f03af8a00ed31ec773bbe2a345aa8d3b9ba58b6a7e8472d8b54dfa8954df6e28b6794c6a63
Static task: static1
Behavioral task: behavioral1
  Sample: W0rd.bin.dll
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: W0rd.bin.dll
  Resource: win10v20201028
Malware Config
Targets
Target: W0rd.bin
Score: 10/10
- Blocklisted process makes network request
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext