General
-
Target
pay-9898.xls
-
Size
31KB
-
Sample
210120-71kdz73bjx
-
MD5
40c4be0a32ba7510bbd07dd68d501c7b
-
SHA1
85fb9debaf5cd3b3e528f2273c134c8d71033172
-
SHA256
2c861f99439d5034c0540e35265db8bae026ad0e670558c006f17f064c680f31
-
SHA512
e4ba86bcf27c828273229aaa80d112a3a5b3fc4e6f38b9bb3dc03938a140776701a2a232255584defdd5ca35ddfb2728fbae80426e68ab5192db2fd54feb7a7c
Behavioral task
behavioral1
Sample
pay-9898.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
pay-9898.xls
Resource
win10v20201028
Malware Config
Extracted
http://www.liceovirreysolis.com/server.php
Targets
-
Target
pay-9898.xls
-
Score
10/10
-
JavaScript code in executable
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-