General
Target: remittance advice.docx
Size: 10KB
Sample: 210429-9dwdnwec42
MD5: 2af49a1a11b912f47a1f5c48ba164ed1
SHA1: ad0466cc2e11093139e94cf2ecd1ba0b0443eb30
SHA256: 100636e87d7ac9e5f4b98ad3028b942e04956284f3fb57d7573c6af6c8316d79
SHA512: d62be458783eb5ae3fd555206d538f0005f56771c98ebf98582a5fea62e6819a8cf593906d552f2eb4399f7b186ac571d940ead5c0f80b8b8757f4346a2fe5e5
Static task: static1
Behavioral task: behavioral1
Sample: remittance advice.docx
Resource: win7v20210408
Behavioral task: behavioral2
Sample: remittance advice.docx
Resource: win10v20210408
Malware Config
Extracted
https://is.gd/RwhzMw
Targets
Target
remittance advice.docx
Score: 8/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution