General
-
Target
case_inv 9892.xls
-
Size
31KB
-
Sample
210120-75cr7s846n
-
MD5
44f45729bca249b782cd9b51ceb0cf22
-
SHA1
547f6f5f33484d0e9701e9a9bc81e709a63e2348
-
SHA256
ed2c08cc6ff86d4538172c59b38a320c1757dd11ac04a1462637b121d1d8f5a4
-
SHA512
c76015506de998cbf991e19ace7e38bfee2e9467a012f24fd7ccaa394a35e95001d14db994e4a378679261923c02c099afdf453560b011e5369c7aa58f81497e
Behavioral task
behavioral1
Sample
case_inv 9892.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
case_inv 9892.xls
Resource
win10v20201028
Malware Config
Extracted
https://flixliste.com/k.php
Targets
-
-
Target
case_inv 9892.xls
-
Size
31KB
-
MD5
44f45729bca249b782cd9b51ceb0cf22
-
SHA1
547f6f5f33484d0e9701e9a9bc81e709a63e2348
-
SHA256
ed2c08cc6ff86d4538172c59b38a320c1757dd11ac04a1462637b121d1d8f5a4
-
SHA512
c76015506de998cbf991e19ace7e38bfee2e9467a012f24fd7ccaa394a35e95001d14db994e4a378679261923c02c099afdf453560b011e5369c7aa58f81497e
Score10/10-
JavaScript code in executable
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-