Behavioral task: behavioral1
Sample: 0a05b3c30c42b87df3944f1bcdba0db6884734641220790bc86909de80ebfdde.pps
Resource: win7v20201028 (windows7_x64)
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 0a05b3c30c42b87df3944f1bcdba0db6884734641220790bc86909de80ebfdde.pps
Resource: win10v20201028 (windows10_x64)
0 signatures
0 seconds
General
Target: aef3c7aa3a68afaa0b1a3540b0952b52.zip
Size: 49KB
MD5: bdbc3b20176bd0ed00203331f4f7b23d
SHA1: 7285292a0b2134c2d800864aa6b474f8df79ff23
SHA256: 3e837fe40cee5e3aebd0e060fc575adeee8a65799162b8f16abbe48054eb752d
SHA512: b44d12e068fcd8d91c3a3805e0cf6976c1e29772ea0836a9ffb8e442195d89ffc3cb11ed39e512667a9534f8e12d28c365ab201ee78f571e395536c17e83c4e3
Malware Config
Signatures
-
Processes:
resource  yara_rule
static1/unpack001/0a05b3c30c42b87df3944f1bcdba0db6884734641220790bc86909de80ebfdde  office_xlm_macros
static1/unpack001/0a05b3c30c42b87df3944f1bcdba0db6884734641220790bc86909de80ebfdde  office_macros
Document created with cracked Office version (1 IoC)
Office document contains Grizli777 string known to be caused by using a cracked version of the software.
Processes:
resource  yara_rule
static1/unpack001/0a05b3c30c42b87df3944f1bcdba0db6884734641220790bc86909de80ebfdde  grizli777_cracked_office
Files
-
aef3c7aa3a68afaa0b1a3540b0952b52.zip.zip
Password: infected
-
0a05b3c30c42b87df3944f1bcdba0db6884734641220790bc86909de80ebfdde.pps windows office2003
CAlca