General
Target: LC-0042002210001102.xlsx
Size: 2.3MB
Sample: 210118-aqqgt5x47e
MD5: f70ff866a39148173a933bc17f45ecbc
SHA1: 150eb890094dda5751ef87c6980743ca14e7eb83
SHA256: f6b2823f8e862aa77bf54a5820334fec3e82a666881bbdf2f8a970a52b1adaba
SHA512: 417289944826ab4f178638e2ca7e004c4e31c530568dcc39c2b8e8c5acbd298a67584948974ae719c84ad770a238ff0fadd9d126c702c036d530adb5fa761b73
Static task: static1
Behavioral task: behavioral1
Sample: LC-0042002210001102.xlsx
Resource: win7v20201028
Behavioral task: behavioral2
Sample: LC-0042002210001102.xlsx
Resource: win10v20201028
Malware Config
Extracted
remcos
push4me.freeddns.org:1814
Targets
Target: LC-0042002210001102.xlsx
Score: 10/10
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Adds Run key to start application