General
Target: 0217_1737094153981.doc
Size: 391KB
Sample: 210217-ptzk38dak2
MD5: df3d7fcf63c6fd0c482d88aed6eecb1d
SHA1: b790953f90ac8af2d7db4ce6454f451e809aab77
SHA256: bd768d902abb211edf805fddc926ad87287a770c70ac62475ad4f25d1f314d39
SHA512: 80a3f01ed294f549621ce0c2a5a09bc1b86adcdb7e3ab5a98064020de923fb9e022f490c5bb4dde5f5214fbc00749bab033311be5b45201795c0716c434c685d
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: 0217_1737094153981.doc, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: 0217_1737094153981.doc, Resource: win10v20201028)
Malware Config
Extracted family: hancitor
Build: 1702_pro23
URLs:
- http://hatuderefer.com/8/forum.php
- http://thavelede.ru/8/forum.php
- http://zinsubtal.ru/8/forum.php
Targets
Target: 0217_1737094153981.doc
Size: 391KB
MD5: df3d7fcf63c6fd0c482d88aed6eecb1d
SHA1: b790953f90ac8af2d7db4ce6454f451e809aab77
SHA256: bd768d902abb211edf805fddc926ad87287a770c70ac62475ad4f25d1f314d39
SHA512: 80a3f01ed294f549621ce0c2a5a09bc1b86adcdb7e3ab5a98064020de923fb9e022f490c5bb4dde5f5214fbc00749bab033311be5b45201795c0716c434c685d
Score: 10/10
Signatures
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext