General
Target: 0714_1137360888.doc
Size: 1.4MB
Sample: 210715-zt2s9f3qwa
MD5: b55bb126dd3962a05bf15d27ba832223
SHA1: 069aefe704193c0014ffc90af2e3ce76166eee1c
SHA256: d8bef6e24e6faa20f4cfaa6d3cadedefff93a37a2e6337fbb89b7be718b17d31
SHA512: b197db5abeaa4c935a859bb355eb2c12a1ee5f42bdad039bd4372055a46207d60a5d4ea3ed3afd0705612e9879098e16362d7af45699a79574ca051180642f2e
Static task: static1
Behavioral task: behavioral1 (sample 0714_1137360888.doc, resource win7v20210410)
Behavioral task: behavioral2 (sample 0714_1137360888.doc, resource win10v20210408)
Malware Config
Extracted: hancitor (build ID 1507_pewut)
C2 URLs:
http://gatiallyde.com/8/forum.php
http://dialencelu.ru/8/forum.php
http://accomead.ru/8/forum.php
Extracted: fickerstealer
C2: pospvisis.com:80
Two configs were recovered from one run: the Hancitor loader launched from the document and a Ficker Stealer payload it fetched as a second stage, which is consistent with the download and wallet-access signatures further down.
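The extracted config is only useful once it is turned into something that can be matched against traffic. The following is an added example (not part of the sandbox report) that normalises the Hancitor URLs and the Ficker Stealer host:port from this page into domain, URL and host:port indicators and runs them over constructed proxy log lines; the log format, the sample lines and the hit labels are assumptions made for the example.

```python
"""Turn the C2 config the sandbox extracted (Hancitor URLs, Ficker Stealer
host:port) into matchable indicators and run them over proxy log lines.
Added example; it is not part of the sandbox report."""
import re
from urllib.parse import urlparse

# Indicators copied verbatim from the extracted config on this page.
HANCITOR_C2_URLS = [
    "http://gatiallyde.com/8/forum.php",
    "http://dialencelu.ru/8/forum.php",
    "http://accomead.ru/8/forum.php",
]
FICKER_C2 = ["pospvisis.com:80"]


def build_indicators(urls, hostports):
    """Normalise C2 strings into (kind, value) pairs.

    Full URLs yield both a 'url' (host + path) and a 'domain' indicator;
    host:port strings yield a 'hostport' and a 'domain' indicator, so a
    sighting of the bare domain is still caught at lower confidence.
    """
    indicators = set()
    for u in urls:
        p = urlparse(u)
        host = p.hostname.lower()
        indicators.add(("domain", host))
        indicators.add(("url", host + p.path))
    for hp in hostports:
        host, _, port = hp.partition(":")
        indicators.add(("domain", host.lower()))
        indicators.add(("hostport", f"{host.lower()}:{port}"))
    return indicators


INDICATORS = build_indicators(HANCITOR_C2_URLS, FICKER_C2)

# Constructed proxy log lines (not real traffic): "timestamp client method url status".
SAMPLE_LOGS = [
    "2021-07-15T10:01:02Z 10.0.0.5 POST http://gatiallyde.com/8/forum.php 200",
    "2021-07-15T10:01:03Z 10.0.0.5 GET http://accomead.ru/8/index.php 404",
    "2021-07-15T10:01:05Z 10.0.0.5 CONNECT pospvisis.com:80 200",
    "2021-07-15T10:02:00Z 10.0.0.9 GET http://www.example.com/index.html 200",
    "garbage line that does not parse",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d+)$"
)


def match_log_line(line, indicators):
    """Return a hit record for one log line, or None if nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line: skip rather than guess
    raw = m.group("url")
    # CONNECT lines carry only host:port; give urlparse a scheme to work with.
    p = urlparse(raw if "://" in raw else "http://" + raw)
    host = (p.hostname or "").lower()
    port = p.port or (443 if p.scheme == "https" else 80)
    hits = []
    if ("url", host + p.path) in indicators:
        hits.append("c2_url")          # exact Hancitor C2 URL
    if ("hostport", f"{host}:{port}") in indicators:
        hits.append("c2_hostport")     # Ficker Stealer C2 endpoint
    if not hits and ("domain", host) in indicators:
        hits.append("c2_domain")       # known C2 domain, different path/port
    if not hits:
        return None
    return {"ts": m.group("ts"), "src": m.group("src"), "host": host, "hits": hits}


def scan(lines, indicators):
    """Run every line through match_log_line and keep only the hits."""
    return [h for h in (match_log_line(l, indicators) for l in lines) if h]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS, INDICATORS):
        print(hit)
```

The domain-only tier matters in practice: Hancitor operators rotate the path and Ficker's port can differ from what one sandbox run observed, so a hit on the bare domain is worth surfacing even when the exact URL or port does not match.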
Targets
Target: 0714_1137360888.doc (1.4MB, SHA256 d8bef6e24e6faa20f4cfaa6d3cadedefff93a37a2e6337fbb89b7be718b17d31; the full MD5/SHA1/SHA256/SHA512 set is the same as under General above)
Signatures
Process spawned unexpected child process: typically indicates the parent process was compromised via an exploit or macro. For a .doc sample the parent is the document handler, which has no legitimate reason to launch a loader.
Blocklisted process makes network request
Downloads MZ/PE file: the fetched body starts with an MZ header, i.e. the "web content" the request retrieves is an executable.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting: consistent with the fickerstealer config extracted above.
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. Benign software does the same, so treat this as corroborating rather than decisive on its own.
Suspicious use of SetThreadContext: rewriting another thread's context is a standard step in process hollowing and related injection, where a process is started suspended, its image overwritten with the payload, and its entry point redirected before it is resumed.
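Two of these signatures are easy to reproduce from telemetry you already collect. The following is an added example (not the sandbox's own detection logic) that flags an unexpected child of a document handler, follows the suspicion down to that child's descendants, and checks a downloaded body for an MZ/PE header. The process names in DOCUMENT_PARENTS and ALLOWED_CHILDREN, the event list and the byte strings are assumptions constructed for the example; the page names none of them.

```python
"""Reproduce two of the sandbox signatures listed above over constructed
telemetry: a document handler spawning an unexpected child process, and a
downloaded body that is an MZ/PE executable. Added example, not the
sandbox's own detection logic."""
import struct

# Assumption: parents that would be opening a .doc; the page does not name them.
DOCUMENT_PARENTS = {"winword.exe", "wordpad.exe"}
# Assumption: children Word legitimately spawns; tune this allowlist per estate.
ALLOWED_CHILDREN = {"splwow64.exe", "dw20.exe"}

# Constructed process-creation events in creation order (a reduced Sysmon
# event-ID-1 shape). Not real telemetry.
EVENTS = [
    {"pid": 800,  "ppid": 500,  "image": "explorer.exe"},
    {"pid": 1200, "ppid": 800,  "image": "WINWORD.EXE"},
    {"pid": 1300, "ppid": 1200, "image": "rundll32.exe"},   # macro-launched loader
    {"pid": 1400, "ppid": 1300, "image": "svchost.exe"},    # hollowed target
    {"pid": 1500, "ppid": 1200, "image": "splwow64.exe"},   # print helper, benign
]


def flag_process_tree(events):
    """Map pid -> reason for every process that descends from a document
    handler through a non-allowlisted child.

    Events must be in creation order so a parent is seen before its child.
    Descendants of a flagged child are flagged too, because the loader's
    own children (an injected svchost, a dropped-DLL host) are usually the
    processes that actually talk to the C2.
    """
    by_pid = {}
    flagged = {}
    for e in events:
        by_pid[e["pid"]] = e
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue
        if parent["image"].lower() in DOCUMENT_PARENTS:
            if e["image"].lower() not in ALLOWED_CHILDREN:
                flagged[e["pid"]] = "unexpected_child_of_document_handler"
        elif e["ppid"] in flagged:
            flagged[e["pid"]] = "descendant_of_flagged_process"
    return flagged


def is_pe(data: bytes) -> bool:
    """True if data carries a DOS 'MZ' stub and a 'PE\\0\\0' signature at the
    e_lfanew offset stored at 0x3C, which is what 'Downloads MZ/PE file' keys on."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def constructed_pe_header() -> bytes:
    """Minimal constructed byte string that satisfies is_pe (not a real binary)."""
    buf = bytearray(0x80)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    return bytes(buf)


if __name__ == "__main__":
    for pid, why in flag_process_tree(EVENTS).items():
        print(pid, why)
    print(is_pe(constructed_pe_header()), is_pe(b"%PDF-1.4\n" + b"\0" * 0x80))
```

Checking the PE signature at e_lfanew rather than the first two bytes alone avoids false positives on files that merely begin with "MZ", and the descendant rule is what ties a later "blocklisted process makes network request" hit back to the document that started the chain.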