General
Target: Documents_2014081229.xls
Size: 273KB
Sample: 210312-vr8zjtgyax
MD5: 63a68ba95fca6c9b586b1b7aaa8181df
SHA1: afc6a930be981fea43f942f0fb7b71cf941d573b
SHA256: efb99dabdc2014a65a03044be4e477a643c4cbae9e02ec184ace4f212860898f
SHA512: fecb625fb7a6befcde453ff4b3792dfeed5dde73d8ba73096faafdbc9b092271cd344a4cdd7b2f9538255d58151e4a3a70bf2f4b680110881f02c2ecc3bb6d45
Behavioral task: behavioral1
Sample: Documents_2014081229.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Documents_2014081229.xls
Resource: win10v20201028
Malware Config
Extracted
https://sssolutionsllc.org/k.php
Extracted
zloader
kev
12/03
https://dazzlingnight.com/post.php
https://rylaconfxilo.tk/post.php
https://seaofsilver.com/post.php
https://kenthehafana.tk/post.php
Targets
Target: Documents_2014081229.xls
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL
Suspicious use of SetThreadContext