General
-
Target
label.xlsm
-
Size
18KB
-
Sample
210309-2dcrv9g73s
-
MD5
7e7b8a3f709a06751a5aebf0727299f9
-
SHA1
42e6d1c6c78d3c7e201e49de22a18362b4ee5f71
-
SHA256
52dc772f8a1fba5d23b2bd62f1762d49f180579d561bbb64d84f97f4c3a7b2cd
-
SHA512
717917bc7019af9d2dd878f45409a5f4ab9d58df6bf2d892f7317efaa1abe47b9964eebac5c8bf6a6e88173ae7fffc15acca494e9e1341992405543032cfd510
Static task
static1
Behavioral task
behavioral1
Sample
label.xlsm
Resource
win7v20201028
Malware Config
Extracted
http://adelantosi.com/cp/label.exe
Targets
-
-
Target
label.xlsm
-
NetWire RAT payload
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-