Task (platform): score
Overview (overview): 10
Static (static): 8
27-07-2021...de.pdf (windows7_x64): 1
27-07-2021...de.pdf (windows10_x64): 1
27-07-2021...58.doc (windows7_x64): 10
27-07-2021...58.doc (windows10_x64): 10
27-07-2021...58.exe (windows7_x64): 10
27-07-2021...58.exe (windows10_x64): 10
27-07-2021...1.docx (windows7_x64): 4
27-07-2021...1.docx (windows10_x64): 1
27-07-2021...1.docx (windows7_x64): 4
27-07-2021...1.docx (windows10_x64): 1
27-07-2021...80.exe (windows7_x64): 10
27-07-2021...80.exe (windows10_x64): 10
27-07-2021...PO.exe (windows7_x64): 10
27-07-2021...PO.exe (windows10_x64): 10
27-07-2021...ST.exe (windows7_x64): 10
27-07-2021...ST.exe (windows10_x64): 10
27-07-2021...ON.exe (windows7_x64): 10
27-07-2021...ON.exe (windows10_x64): 10
27-07-2021...21.pdf (windows7_x64): 1
27-07-2021...21.pdf (windows10_x64): 1
27-07-2021...PY.exe (windows7_x64): 10
27-07-2021...PY.exe (windows10_x64): 10
27-07-2021...AT.exe (windows7_x64): 10
27-07-2021...AT.exe (windows10_x64): 10
27-07-2021...ry.exe (windows7_x64)
27-07-2021...ry.exe (windows10_x64): 10
Static task
static1
Behavioral task
behavioral1
Sample
27-07-2021/27-07-2021/Dike-Infocert-Upgrade.pdf
Resource
win7v20210408
Behavioral task
behavioral2
Sample
27-07-2021/27-07-2021/Dike-Infocert-Upgrade.pdf
Resource
win10v20210410
Behavioral task
behavioral3
Sample
27-07-2021/27-07-2021/ETL_013265_601_0758.doc
Resource
win7v20210408
Behavioral task
behavioral4
Sample
27-07-2021/27-07-2021/ETL_013265_601_0758.doc
Resource
win10v20210410
Behavioral task
behavioral5
Sample
27-07-2021/27-07-2021/ETL_013265_601_0758.exe
Resource
win7v20210408
Behavioral task
behavioral6
Sample
27-07-2021/27-07-2021/ETL_013265_601_0758.exe
Resource
win10v20210410
Behavioral task
behavioral7
Sample
27-07-2021/27-07-2021/FL_6110_32_75_21.docx
Resource
win7v20210410
Behavioral task
behavioral8
Sample
27-07-2021/27-07-2021/FL_6110_32_75_21.docx
Resource
win10v20210408
Behavioral task
behavioral9
Sample
27-07-2021/27-07-2021/IMG_1026001780541.docx
Resource
win7v20210410
Behavioral task
behavioral10
Sample
27-07-2021/27-07-2021/IMG_1026001780541.docx
Resource
win10v20210408
Behavioral task
behavioral11
Sample
27-07-2021/27-07-2021/Inv_7623980.exe
Resource
win7v20210410
Behavioral task
behavioral12
Sample
27-07-2021/27-07-2021/Inv_7623980.exe
Resource
win10v20210408
Behavioral task
behavioral13
Sample
27-07-2021/27-07-2021/New PO.exe
Resource
win7v20210410
Behavioral task
behavioral14
Sample
27-07-2021/27-07-2021/New PO.exe
Resource
win10v20210410
Behavioral task
behavioral15
Sample
27-07-2021/27-07-2021/ORDER LIST.exe
Resource
win7v20210408
Behavioral task
behavioral16
Sample
27-07-2021/27-07-2021/ORDER LIST.exe
Resource
win10v20210410
Behavioral task
behavioral17
Sample
27-07-2021/27-07-2021/REQUEST FOR QUOTATION.exe
Resource
win7v20210408
Behavioral task
behavioral18
Sample
27-07-2021/27-07-2021/REQUEST FOR QUOTATION.exe
Resource
win10v20210410
Behavioral task
behavioral19
Sample
27-07-2021/27-07-2021/Remittance Copy 22-07-21.pdf
Resource
win7v20210408
Behavioral task
behavioral20
Sample
27-07-2021/27-07-2021/Remittance Copy 22-07-21.pdf
Resource
win10v20210410
Behavioral task
behavioral21
Sample
27-07-2021/27-07-2021/SWIFT COPY.exe
Resource
win7v20210410
Behavioral task
behavioral22
Sample
27-07-2021/27-07-2021/SWIFT COPY.exe
Resource
win10v20210408
Behavioral task
behavioral23
Sample
27-07-2021/27-07-2021/WE09858577444.BAT.exe
Resource
win7v20210410
Behavioral task
behavioral24
Sample
27-07-2021/27-07-2021/WE09858577444.BAT.exe
Resource
win10v20210408
Behavioral task
behavioral25
Sample
27-07-2021/27-07-2021/inquiry.exe
Resource
win7v20210410
General
-
Target
27-07-2021.7z
-
Size
4.3MB
-
MD5
40bd404957785859d7dc75f986b0e9b5
-
SHA1
c23abb937f8f509d8e80d366ec2580206a590c64
-
SHA256
a544b4050677d9e5ad964398954cf7d74c96b65a1126a8bb3491fbe52ff0ec10
-
SHA512
fd553802e9a27dd8e07b18af8d4d3511fe9e41dae54d01c8211a57742c3308e133735a289f9242688df8fc27fbf8ccd1cfbe33e36469f1c651972cd95e9ac50b
Malware Config
Signatures
-
Office macro that triggers on suspicious action (1 IoCs)
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource: static1/unpack001/27-07-2021/27-07-2021/ETL_013265_601_0758.doc, yara_rule: office_macro_on_action
-
Processes:
resource: static1/unpack001/27-07-2021/27-07-2021/ETL_013265_601_0758.doc, yara_rule: office_xlm_macros
resource: static1/unpack001/27-07-2021/27-07-2021/ETL_013265_601_0758.doc, yara_rule: office_macros
-
Office document contains embedded OLE objects (2 IoCs)
Detected embedded OLE objects in Office documents.
Processes:
resource: static1/unpack001/27-07-2021/27-07-2021/FL_6110_32_75_21.docx, yara_rule: office_ole_embedded
resource: static1/unpack001/27-07-2021/27-07-2021/IMG_1026001780541.docx, yara_rule: office_ole_embedded
Files
-
27-07-2021.7z.7z
-
27-07-2021/27-07-2021/Dike-Infocert-Upgrade.pdf.pdf
-
https://dike_infocert.firstcloudit.com/Infocert/Dike_Infocert_upgrade.msi
-
-
27-07-2021/27-07-2021/ETL_013265_601_0758.doc.doc windows office2003
ThisDocument
Module1
-
27-07-2021/27-07-2021/ETL_013265_601_0758.exe.exe windows x86
-
27-07-2021/27-07-2021/FL_6110_32_75_21.docx.docx .doc office2007
-
27-07-2021/27-07-2021/IMG_1026001780541.docx.docx .doc office2007
-
27-07-2021/27-07-2021/Inv_7623980.exe.exe windows x86
-
27-07-2021/27-07-2021/New PO.exe.exe windows x86
-
27-07-2021/27-07-2021/ORDER LIST.exe.exe windows x86
-
27-07-2021/27-07-2021/Payment Details.bat.zip
-
27-07-2021/27-07-2021/REQUEST FOR QUOTATION.exe.exe windows x86
-
27-07-2021/27-07-2021/Remittance Copy 22-07-21.pdf.pdf
-
https://goofy-davinci-6ad239.netlify.app/
-
-
27-07-2021/27-07-2021/SWIFT COPY.exe.exe windows x86
-
27-07-2021/27-07-2021/WE09858577444.BAT.exe windows x86
-
27-07-2021/27-07-2021/inquiry.exe.exe windows x86