Behavioral task
behavioral1
Sample
???????????.doc
Resource
win10v20210410
Behavioral task
behavioral2
Sample
????????????.doc
Resource
win10v20210408
Behavioral task
behavioral3
Sample
???????????????(FormatPaper.exe)??????.pdf
Resource
win10v20210410
Behavioral task
behavioral4
Sample
???????????????????????????????????.doc
Resource
win10v20210408
Behavioral task
behavioral5
Sample
Uninst.exe
Resource
win10v20210410
Behavioral task
behavioral6
Sample
setup.exe
Resource
win10v20210408
General
-
Target
red_spider_v721732.zip
-
Size
18.7MB
-
MD5
abbe2c80e58b0a062e8e258888c525e6
-
SHA1
4d15540b9f967292f5e9f672c491515041066719
-
SHA256
dd2cbeda09bb4e9bdc32df15f5ed8cf090eb7c6aea30f67c471ec777b13d871d
-
SHA512
af75a0e9abe1a88e2f1124200d6ba20c71af66f246afd9994a4b6a33beb3a61428d76914513319dbf9ee9e17927a0cbf6342aa0acfed581a41c2c3c4a02361fe
Malware Config
Signatures
-
Processes:
resource yara_rule static1/unpack001/???????????????????????????????????.doc office_xlm_macros -
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
Processes:
resource yara_rule static1/unpack001/???????????????(FormatPaper.exe)??????.pdf pdf_with_link_action
Files
-
red_spider_v721732.zip.zip
-
3000soft.ico
-
???????????.doc.doc windows office2003
-
????????????.doc.doc windows office2003
-
???????????????(FormatPaper.exe)??????.pdf.pdf
-
http://www.examcoo.com/
-
-
???????????????????????????????????.doc.doc windows office2003
-
Autorun.inf
-
Uninst.exe.exe windows x86
-
data1.cab
-
data1.hdr
-
data2.cab
-
layout.bin
-
setup.bmp
-
setup.exe.exe windows x86
-
setup.ibt
-
setup.ini
-
setup.inx
-
setup.isn
-
setup.iss
-
usetup.iss