General
Target: DHL-Address.xlsx
Size: 586KB
Sample: 210113-gbp8c1enae
MD5: 5de2e8bdb620804fd22d76f1e9fedf6e
SHA1: 942ce29cd8138a1594ee416debf753d8eaa71528
SHA256: f5c3bea5b81c221bc8737bd8489154745c8d6644d7d19484218151f9a1c1f656
SHA512: f24f1d93e61dffe4c48995e0a1ef039b7346cbd9f94a65dffac4d360b5f7419306bcffd57f403a7a6764dd38d7ec9b59e1d0462703f834edc368c38bda939e53
Static task: static1
Behavioral task: behavioral1
  Sample: DHL-Address.xlsx
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: DHL-Address.xlsx
  Resource: win10v20201028
Malware Config
Targets
Target: DHL-Address.xlsx
Score: 8/10
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext