General
-
Target
0318_26520154690771.doc
-
Size
717KB
-
Sample
210321-aq3ggjkcf2
-
MD5
5f8de66af1f6ae90063339dd9d526234
-
SHA1
4bc1522707e2c5566710bd449f779da2c14ed4cf
-
SHA256
9e9c65cb226ad216b5e47debceed0e541951e251b28ceeb2405423a0dceda602
-
SHA512
be974bb2465a38b04254a16dcce73d1215bba94fa80ab628f084252227de69e14a81e9c4a68e2e760153ed3d24ba08314b8d57f5615f0370872e541844d457db
Static task
static1
Behavioral task
behavioral1
Sample
0318_26520154690771.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
0318_26520154690771.doc
Resource
win10v20201028
Malware Config
Extracted
hancitor
1503_kin1
http://froursmonesed.com/8/forum.php
http://abouniteta.ru/8/forum.php
http://diverbsez.ru/8/forum.php
Targets
-
-
Target
0318_26520154690771.doc
-
Size
717KB
-
MD5
5f8de66af1f6ae90063339dd9d526234
-
SHA1
4bc1522707e2c5566710bd449f779da2c14ed4cf
-
SHA256
9e9c65cb226ad216b5e47debceed0e541951e251b28ceeb2405423a0dceda602
-
SHA512
be974bb2465a38b04254a16dcce73d1215bba94fa80ab628f084252227de69e14a81e9c4a68e2e760153ed3d24ba08314b8d57f5615f0370872e541844d457db
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-