General
Target: cancel_sub_JPL12345678901234.xlsb
Size: 267KB
Sample: 210519-h78s2ezea6
MD5: 21a57dbd1dad6aec8edbbaeddabac81b
SHA1: f20bdcb3970bc9fabfff60628a71cfe318d4efe9
SHA256: 42aeef1b5f9d53105bd3d9076b7634e1eed53f89c9e3577426f4c51441e4fca4
SHA512: a2339ff6347d6d3dff885b8317de5a87df589462052ac2c6dc8fb09715aca149379bc7e71e7c1ba2ccae976e7d0d4d1790971db6dc92b57ab35810953bc73563
Behavioral task: behavioral1
Sample: cancel_sub_JPL12345678901234.xlsb
Resource: win7v20210410
Behavioral task: behavioral2
Sample: cancel_sub_JPL12345678901234.xlsb
Resource: win10v20210410
Malware Config
Extracted
Targets
Target
cancel_sub_JPL12345678901234.xlsb
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Nloader Payload
Blocklisted process makes network request
Loads dropped DLL