General

Target: DTI_621-746-012.xlsx
Size: 8KB
Sample: 210503-4cw955936j
MD5: 6381ca8d8726bacc65c588535dbb8398
SHA1: 238c8b5f9e4db7a99401b928857473844fd63f6c
SHA256: b0696a88c5c0c9d0a06f9b0316c854a3784d79ad0ca5bb4cb055ded62285a286
SHA512: df7ec8f35106d49a552c7c9d0dc47101d1bcf518718308fcd92ceca6b1ba71ef6092b80d182022844c65294e444f0c73c7667172a9d208df4d2afabbfa0aab7c
Static task: static1

Behavioral task: behavioral1
Sample: DTI_621-746-012.xlsx
Resource: win7v20210408

Behavioral task: behavioral2
Sample: DTI_621-746-012.xlsx
Resource: win10v20210410
Malware Config

Extracted family: oski
C2: 31.210.20.238
Targets

Target: DTI_621-746-012.xlsx
Score: 10/10
Signatures

- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and thread-hijacking injection)
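The following is an added example, not code from the sandbox or from this report: a small matcher that turns the report's indicators (the file hashes, the extracted C2 address, the Uninstall registry key) and its behavioural signatures into checks over host telemetry. The key=value event format is an assumption made for the example, the log lines are constructed rather than captured from the sample, and the choice of Excel as the parent process is an assumption (the report only states that the target is an .xlsx file).

```python
"""
Added example (not part of the sandbox report): behaviour/IOC matcher that
applies the indicators and signatures listed above to host telemetry.
The event format is a simplified key=value scheme invented here, and the
EVENTS lines are constructed; only the hashes, the C2 address and the
Uninstall key path are taken from the report.
"""
import hashlib
import re

# Indicators copied from the report.
IOC_SHA256 = "b0696a88c5c0c9d0a06f9b0316c854a3784d79ad0ca5bb4cb055ded62285a286"
IOC_MD5 = "6381ca8d8726bacc65c588535dbb8398"
C2_IP = "31.210.20.238"
# Registry path behind the "Checks installed software" signature.
UNINSTALL_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

# Assumed event format: space-separated key=value pairs, values optionally quoted.
EVENT_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Constructed telemetry resembling what the signatures describe. Excel as the
# parent process is an assumption; the report does not name the host process.
EVENTS = r"""
type=file_hash target="C:\Users\user\Downloads\DTI_621-746-012.xlsx" sha256=b0696a88c5c0c9d0a06f9b0316c854a3784d79ad0ca5bb4cb055ded62285a286
type=process_create pid=1200 image="C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE" parent="C:\Windows\explorer.exe"
type=network_connect pid=1200 dst=203.0.113.10 port=80
type=file_create pid=1200 target="C:\Users\user\AppData\Local\Temp\update.exe"
type=process_create pid=1340 image="C:\Users\user\AppData\Local\Temp\update.exe" parent="C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
type=registry_query pid=1340 key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
type=network_connect pid=1340 dst=31.210.20.238 port=80
"""


def parse_event(line):
    """Parse one key=value line into a dict; quoted values keep their spaces."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in EVENT_RE.finditer(line)}


def matches_known_sample(data):
    """True if the bytes hash to the MD5 or SHA256 listed in the report."""
    return (hashlib.sha256(data).hexdigest() == IOC_SHA256
            or hashlib.md5(data).hexdigest() == IOC_MD5)


def match_events(lines):
    """Return (rule, detail) hits; rule names mirror the report's signatures."""
    hits = []
    dropped = set()       # executables written to disk so far (lower-cased paths)
    office_pids = set()   # PIDs of Office processes seen starting
    for line in lines:
        ev = parse_event(line)
        kind = ev.get("type")
        if kind == "file_hash":
            if ev.get("sha256") == IOC_SHA256 or ev.get("md5") == IOC_MD5:
                hits.append(("known_sample_hash", ev["target"]))
        elif kind == "process_create":
            image = ev["image"].lower()
            if image.endswith("excel.exe"):
                office_pids.add(ev["pid"])
            if ev.get("parent", "").lower().endswith("excel.exe"):
                hits.append(("office_spawns_process", image))
            if image in dropped:                       # "Executes dropped EXE"
                hits.append(("executes_dropped_exe", image))
        elif kind == "file_create":
            target = ev["target"].lower()
            # "Downloads MZ/PE file": judged by extension here; a real detector
            # would read the file and check for the MZ header instead.
            if target.endswith(".exe"):
                dropped.add(target)
        elif kind == "network_connect":
            if ev["pid"] in office_pids:               # "Blocklisted process makes network request"
                hits.append(("office_process_network_request", ev["dst"]))
            if ev["dst"] == C2_IP:                     # extracted Oski C2
                hits.append(("oski_c2_contact", ev["dst"]))
        elif kind == "registry_query":
            if UNINSTALL_KEY.lower() in ev["key"].lower():
                hits.append(("uninstall_key_enumeration", ev["key"]))
    return hits


if __name__ == "__main__":
    for rule, detail in match_events(EVENTS.splitlines()):
        print(f"{rule:32} {detail}")
```

The matcher keeps state across events on purpose: "Executes dropped EXE" is only meaningful when the process image was written to disk earlier in the same trace, so file_create events are recorded and process_create events are checked against them, and the Office-process network rule needs the PID learned from the earlier process_create. Hash matching is kept separate in matches_known_sample so the same indicators can be applied to bytes pulled from a mail gateway or a file share.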