General
Target: IMG_108_60_504_10.xls
Size: 386KB
Sample: 210414-qkrfr8lfc6
MD5: 04fbea5ffe3e351533bc0a4509c51505
SHA1: f0b7ad5184bccb1570b91ddbb192705a476f1974
SHA256: be88c65266ce52179410570bbca448cf49c6aff1b56845a27085af47e2d19681
SHA512: da271a793200ed77e0c7e86a57a91586c83828c87e0d3d455ab3aee20bb6a5a832459349dddfdd26dd93aae7ae3974a886cb756d4d15e07b49aa6d028bc252e0
Static task: static1
Behavioral task: behavioral1
Sample: IMG_108_60_504_10.xls
Resource: win7v20210410
Behavioral task: behavioral2
Sample: IMG_108_60_504_10.xls
Resource: win10v20210408
Malware Config
Extracted
oski
novget.com
Targets
Target: IMG_108_60_504_10.xls
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory
Suspicious use of SetThreadContext