General
-
Target
Swift_Payment.MT103.docx
-
Size
10KB
-
Sample
210614-w9rhwvb4tj
-
MD5
92614cfd1b385cc6e38156a4ce269602
-
SHA1
b32113fc539912f706e55fefe7a91bb903e4d719
-
SHA256
65a0e831a9a7680b0440a3afbfa71e6ddef2e2745301953e168a02ecf4d6d3d4
-
SHA512
eabf4df35bcbc0fdff14ae447690434d88653586038075c50aa1f09d6f1fb34e0df1486487e9a9abc1a5275eac6cee82a92f55deba37a5fe63493bba0a9f11dd
Score
10/10
Malware Config
Extracted
Rule
Microsoft Office WebSettings Relationship
C2
http://xy2.eu/e9yp
Targets
-
-
Target
Swift_Payment.MT103.docx
-
Size
10KB
-
MD5
92614cfd1b385cc6e38156a4ce269602
-
SHA1
b32113fc539912f706e55fefe7a91bb903e4d719
-
SHA256
65a0e831a9a7680b0440a3afbfa71e6ddef2e2745301953e168a02ecf4d6d3d4
-
SHA512
eabf4df35bcbc0fdff14ae447690434d88653586038075c50aa1f09d6f1fb34e0df1486487e9a9abc1a5275eac6cee82a92f55deba37a5fe63493bba0a9f11dd
Score8/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-