General
- Target: parcel.xlsm
- Size: 18KB
- Sample: 210309-lhd4kcz7nj
- MD5: 0e1137f6c82bd9f4545156ce8fa1bfb5
- SHA1: e784d86a123ff452024780303be372966df32e5a
- SHA256: 8c38dbbc3834ab600313e6cd32e0e1a077726f002a608b5cbf9baa87ff11f90f
- SHA512: ae79c139386eb2fe89f96a2dbfe434a1634d6ffbbca5bf0aa41507cfdaba8c8de140b430e7fc39433751aa17119678418fd4160a3492fb5917cc0b152e943533
Static task: static1
Behavioral task: behavioral1
- Sample: parcel.xlsm
- Resource: win7v20201028
Malware Config
- Extracted (download URL): http://adelantosi.com/cp/parcel.exe
- Extracted (remcos C2):
  calvinlarry3551.hopto.org:2240
  calvinlarry3551.ddns.net:2240
Targets
- Target: parcel.xlsm
- Size: 18KB
- MD5, SHA1, SHA256, SHA512: identical to the hashes listed under General above
Signatures
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext