General
Target: pertanyaan pesanan1.doc
Size: 1014KB
Sample: 210422-jqkkslytz6
MD5: 23fa7215a0d447fea14926d67846bfa5
SHA1: 6f91e5f579b8a8c081b64193c3d308fb7eca2de1
SHA256: d0bb82e43e62a945cb952ed04a153d08087efb5bc1e8235ced0fca3538d41415
SHA512: ae64c4a001ef54f4740598e754647c712cfc1f7e0fb09a0f997fbe75abf19f7d9a9be5cfcec208c9f125078aa1e2cd275f07d47762d43e066811ade5a4933672
Static task: static1
Behavioral task: behavioral1
Sample: pertanyaan pesanan1.doc
Resource: win7v20210408
Behavioral task: behavioral2
Sample: pertanyaan pesanan1.doc
Resource: win10v20210410
Malware Config
Extracted: oski
zvv.asia
Targets
Target: pertanyaan pesanan1.doc
Size: 1014KB
Score: 10/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
- Suspicious use of SetThreadContext