General
Target: SOA.xlsm
Size: 18KB
Sample: 210415-ewlmjneq5n
MD5: 5af73df3782494331cb85c3278054f94
SHA1: f4ddfd5507b0f92caec0588309d75292daa28693
SHA256: eb065c4072ee30b3644a847c8f28044eb183977f39e1f90de08d098d8dd70eec
SHA512: 6ee5a826804664593d336a19c317e30f13f9d0d902f75bcef4668b30de08016e23a85575090248a376f5ac1afc36f13f17599b062dcf07da46eb3a8f732a4483
Static task: static1
Behavioral task: behavioral1
Sample: SOA.xlsm
Resource: win7v20210408

Malware Config
Extracted: http://a0532749.xsph.ru/RR.exe
Extracted: remcos
shahzad73.ddns.net:2404
shahzad73.casacam.net:2404
Targets
Target: SOA.xlsm
Size: 18KB
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Executes dropped EXE
- Suspicious use of SetThreadContext