General
- Target: zload.xls
- Size: 31KB
- Sample: 210120-66nzq94ebe
- MD5: db5863749e79e71db2f4481f81c7554b
- SHA1: 3f65e0f402e183a769b8b2bb7c5e626b4d0cd59a
- SHA256: b465ca76ded69a5f0ddcbb70eb7c7b01d974b03ccd4d298f7d771a418fa9a222
- SHA512: eb1d023b6dd6678275324a34365dd85ef8a11d7a2a25ce30ee9dd8e17d364826d33a1c67ecc9bc634391d5803b520ba4e9152ea81932aebb874af2317e91e1bc
Behavioral tasks
- behavioral1: Sample zload.xls, Resource win7v20201028
- behavioral2: Sample zload.xls, Resource win10v20201028
Malware Config
- Extracted URL: https://forteanhub.com/v.php
Targets
- Target: zload.xls (size and hashes as listed under General)
Score: 10/10
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- JavaScript code in executable
- Enumerates physical storage devices: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.