General
-
Target
Tender Offer.doc
-
Size
609KB
-
Sample
210416-3hr4pv49yx
-
MD5
398a7dca0715973d3a91a0383613acb6
-
SHA1
b5a0830f536f8a2cf50ef1b133eeac9f992e3213
-
SHA256
3f968649c02fd5ee3f14e1d30803512bebc391ceac8005e76d3be87276df10ea
-
SHA512
8e64601754da1b5b9b9a93f35ac8fd63085bec5aa8b0f67728613712b6648988d56efdb3907b05c3a19e0582cbbeeb712320cab2c57a59a3eb046582d2b43103
Static task
static1
Behavioral task
behavioral1
Sample
Tender Offer.doc.rtf
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Tender Offer.doc.rtf
Resource
win10v20210408
Malware Config
Extracted
remcos
79.134.225.17:2050
Targets
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-