General
Target: W0rd.dll
Size: 595KB
Sample: 210211-krler1vyzs
MD5: b318cc9f1ff841af11f7720f345e1243
SHA1: c318872278becf9287efe094cc4511f8907ba73d
SHA256: e7b6a50fd748a48d5168877e64c9255995f177b13c8790647f61ea46dd790c00
SHA512: 16c937a15c665df7bd54c54ef214fc56ac5fefc7005eedd990250a14d87878e361e0d3e76e1cccd794c196784fe99fb3e689fb9460d3ea90b9baedde2e11290f
Static task: static1
Behavioral task: behavioral1
Sample: W0rd.dll
Resource: win7v20201028
Malware Config
Extracted
hancitor
1102_heid89
http://nuencres.com/8/forum.php
http://matuattheires.ru/8/forum.php
http://desuctoette.ru/8/forum.php
Targets
Target: W0rd.dll
Score: 10/10
Blocklisted process makes network request
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.