General
Target: SKM-65.880,46Euro.xlsx
Size: 696KB
Sample: 210716-gbqyvcxapx
MD5: 8d79787f6dfbcc19926c78332cee67e7
SHA1: cc49a74b20ed1385fa60a8739b85d15fa9ef5c4f
SHA256: ba4f51eaf995fe64eb8da820d20edc3bad403486cb091fc1832883c3feea54fb
SHA512: cf9cdd89f28c3f8b1301ca958622e146284c055b16adad9838b1c093f4c291a83efaf2623bb6a102925b79aa9c6f6c9779f7ead5dca2172ecedc667b59cc28af
Static task: static1
Behavioral task: behavioral1
Sample: SKM-65.880,46Euro.xlsx
Resource: win7v20210410
Behavioral task: behavioral2
Sample: SKM-65.880,46Euro.xlsx
Resource: win10v20210408
Malware Config
Targets
Score: 8/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Adds Run key to start application
Drops file in System32 directory