General
-
Target
Invoice_0565943.xls
-
Size
266KB
-
Sample
210217-4cyttz4b1j
-
MD5
f6af4458d269a660cedc88ff8738d4ce
-
SHA1
d7350d7195c73a9489b3c27d62407e2c8f34825d
-
SHA256
05b0a29f16f196a36944c94487032c1d9b9acc6bee8839457d730f4053f68e29
-
SHA512
b24c6105017b8cb0f90c45e6c89838ae58521b285750a3f315ad80dc15a422ca41bab69ca87fa80aaef2901c60f186351bf09022872880c8ed9112a97817dd0c
Malware Config
Extracted
https://forcemc.digital/image/v
Targets
-
-
Target
Invoice_0565943.xls
-
Size
266KB
-
MD5
f6af4458d269a660cedc88ff8738d4ce
-
SHA1
d7350d7195c73a9489b3c27d62407e2c8f34825d
-
SHA256
05b0a29f16f196a36944c94487032c1d9b9acc6bee8839457d730f4053f68e29
-
SHA512
b24c6105017b8cb0f90c45e6c89838ae58521b285750a3f315ad80dc15a422ca41bab69ca87fa80aaef2901c60f186351bf09022872880c8ed9112a97817dd0c
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Loads dropped DLL
-