General
Target: RFQ NO.71092.doc
Size: 70KB
Sample: 211019-jwlpwafdd4
MD5: 9c90d014b3fe6c06dc4bfccd05eeb09b
SHA1: 2535e0244a7212b5e67671051a2b6e2f9077b739
SHA256: 838bb771d05c0436b9e37bc35ccdcf80d49b2b4d8aa78fa6627b331307fc6f73
SHA512: e19798b7b4ff1d2fd9507c942b11419a6a87c648887a6a9f659134536223e8562e9542edef87d95053e2bd4891f611af1ce40ada297585ccd5667300f8097854
Static task: static1
Behavioral task: behavioral1
Sample: RFQ NO.71092.doc
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: RFQ NO.71092.doc
Resource: win10-en-20210920
Malware Config
Extracted
oski
stanelectronics.xyz
Targets
Target: RFQ NO.71092.doc
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext