General
Target: Booking Confirmation.docx
Size: 10KB
Sample: 210608-bzg445zr8s
MD5: 719d1eb8a4794b7e58802a43a1241e9c
SHA1: 944fd5deccb84a8a810958ce45a105beaaf11b1f
SHA256: f65d63d34801ef0fdbd2b204a27cfaacca7e36dd9373553e2d6d901d493354d2
SHA512: 95f2cde4dcda16134b04ed6489c026205a972b0f3060146c016223b0bb914f76ab62d89197d05ba1b8a06a284bfd0dd18da76b9b45e7b2cc91378601438032ef
Static task: static1
Behavioral task: behavioral1
Sample: Booking Confirmation.docx
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Booking Confirmation.docx
Resource: win10v20210410
Malware Config
Extracted
http://bit.do/fQZmn
Targets
Target: Booking Confirmation.docx
Score: 8/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Abuses OpenXML format to download file from external location
Loads dropped DLL
Uses the VBS compiler for execution