General
Target: Invoice- 9452729 Oil_Field_Swift_remmitance.doc
Size: 55KB
Sample: 211018-lmmlxseccl
MD5: 531576d42fac0f02c88fdc36714d3d1c
SHA1: b792e083daa495aa9474e8fca8e885a6eef6b263
SHA256: af731db3ff0accea3ed49292d5aaf903ea530de823197fd3eda5e21830c49b8d
SHA512: 7811c2943d4ab89c2ec830af65e6eff6ca24a288ead34608e12707e1df645095472e7470223c0314894b94607629a18c547e26ba4016916afcf97742a20a78be
Behavioral task: behavioral1
Sample: Invoice- 9452729 Oil_Field_Swift_remmitance.doc
Resource: win7-en-20210920

Malware Config
Extracted URL: https://searcer.x24hr.com/a/soleApp11.exe
Extracted family: arkei
C2 (Default): http://136.144.41.229/gJCbU1V9y2.php
Targets
Target: Invoice- 9452729 Oil_Field_Swift_remmitance.doc
Signatures
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Arkei Stealer Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext