General

Target: 83c9c9beaca0a147e23995b84792f56cd130ccf262147374bd1114c2ac698fee
Size: 343KB
Sample: 210722-8tetwrbe9j
MD5: 97538e922b86b2ae95625d1e11e6aaf1
SHA1: 928e4d89b379bdd7c894787431a8d0b42f28a5a4
SHA256: 83c9c9beaca0a147e23995b84792f56cd130ccf262147374bd1114c2ac698fee
SHA512: c002b9f11892fb3882ccb7b07e91a5396370232407614ea1f5b4b6dbf7cde70c59c699415e01066731454debfb8e468a15def21ef889b92dedeabde79a623ed7
Static task: static1

Behavioral task: behavioral1
Sample: 83c9c9beaca0a147e23995b84792f56cd130ccf262147374bd1114c2ac698fee.xls
Resource: win7v20210408

Behavioral task: behavioral2
Sample: 83c9c9beaca0a147e23995b84792f56cd130ccf262147374bd1114c2ac698fee.xls
Resource: win10v20210410
Malware Config

Extracted: hancitor
Build ID: 2207_xwpi67
C2 URLs:
http://tholeferli.com/8/forum.php
http://aidgodown.ru/8/forum.php
http://relifleappin.ru/8/forum.php

Extracted: fickerstealer
C2: pospvisis.com:80
Targets

Target: 83c9c9beaca0a147e23995b84792f56cd130ccf262147374bd1114c2ac698fee (343KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures

- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro; for an .xls sample the parent of interest is the spreadsheet application launching a child it does not normally spawn.
- Blocklisted process makes network request.
- Downloads MZ/PE file (a Windows executable retrieved over the network).
- Loads dropped DLL.
- Accesses cryptocurrency files/wallets, possible credential harvesting. Consistent with the extracted FickerStealer configuration, since Ficker is an information stealer.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext. This API is commonly used by injection techniques such as process hollowing and thread hijacking to redirect execution inside another process.
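The practical use of a report like this is sweeping your own telemetry for the extracted indicators and for the "Office process spawns an unexpected child" behaviour. The script below is an added example, not part of the sandbox report or of any vendor tooling: the C2 URLs and host come from the Malware Config section, while the proxy log format, the process-event shape, the Office parent list and the suspicious-child list are assumptions chosen for the example, and every log line and event is constructed.

```python
"""IOC sweep for the Hancitor / FickerStealer sample above.

Added example, not part of the sandbox report or of any vendor tooling.
C2 values are taken from the report's Malware Config section; the log
format, the process-event shape and all sample inputs are constructed
assumptions. In production the inputs would be proxy/DNS logs and
EDR or Sysmon process-creation events.
"""
from typing import Optional
from urllib.parse import urlsplit

# From the report's "Extracted" configs.
HANCITOR_C2_URLS = [
    "http://tholeferli.com/8/forum.php",
    "http://aidgodown.ru/8/forum.php",
    "http://relifleappin.ru/8/forum.php",
]
FICKER_C2 = ("pospvisis.com", 80)

# Derived hostnames: these also cover DNS logs and TLS SNI, where the
# full URL is not visible.
IOC_HOSTS = {urlsplit(u).hostname for u in HANCITOR_C2_URLS} | {FICKER_C2[0]}

# Assumption: Office parents that should never launch these children.
# Tune both sets to the environment being monitored.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "rundll32.exe",
                       "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}


def check_url(url: str) -> Optional[str]:
    """Return the matched IOC (exact C2 URL first, else hostname), or None."""
    if url in HANCITOR_C2_URLS:
        return url
    host = (urlsplit(url).hostname or "").lower()
    return host if host in IOC_HOSTS else None


def sweep_proxy_log(lines):
    """Return [(line_no, ioc)] for proxy lines whose URL hits an IOC.

    Constructed line format: '<timestamp> <client_ip> <url> <status>'.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 3:
            continue
        ioc = check_url(fields[2])
        if ioc:
            hits.append((n, ioc))
    return hits


def sweep_process_events(events):
    """Return events in which an Office application spawned a suspicious child.

    Each event is a dict with 'parent' and 'image' full paths
    (constructed, Sysmon-like shape).
    """
    flagged = []
    for ev in events:
        parent = ev.get("parent", "").rsplit("\\", 1)[-1].lower()
        child = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
            flagged.append(ev)
    return flagged


# Constructed sample input (not real traffic or real events).
SAMPLE_PROXY_LOG = [
    "2021-07-22T08:01:10Z 10.0.0.15 http://tholeferli.com/8/forum.php 200",
    "2021-07-22T08:01:12Z 10.0.0.15 https://www.microsoft.com/ 200",
    "2021-07-22T08:02:03Z 10.0.0.15 http://pospvisis.com/ 200",
    "2021-07-22T08:03:44Z 10.0.0.22 http://example.org/forum.php 404",
]
SAMPLE_PROCESS_EVENTS = [
    {"parent": "C:\\Program Files\\Microsoft Office\\Office16\\EXCEL.EXE",
     "image": "C:\\Windows\\System32\\rundll32.exe"},
    {"parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\cmd.exe"},
]

if __name__ == "__main__":
    for n, ioc in sweep_proxy_log(SAMPLE_PROXY_LOG):
        print(f"proxy line {n}: matched {ioc}")
    for ev in sweep_process_events(SAMPLE_PROCESS_EVENTS):
        print(f"suspicious child: {ev['parent']} -> {ev['image']}")
```

Matching on hostname as well as exact URL matters because the Hancitor URIs (`/8/forum.php`) are reused across many campaigns, while the hosts are the part specific to this one; the process check is independent of the indicators and keeps working after the C2 domains rotate.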