Overview

| Task | Platform | Score |
|---|---|---|
| overview | | 10 |
| static | | 8 |
| BL. NO. AN...21.exe | windows7_x64 | 10 |
| BL. NO. AN...21.exe | windows10_x64 | 10 |
| Sample_101...mg.exe | windows7_x64 | 10 |
| Sample_101...mg.exe | windows10_x64 | 10 |
| Invoice 19...df.exe | windows7_x64 | 1 |
| Invoice 19...df.exe | windows10_x64 | 10 |
| Leak/PROFO...CE.doc | windows7_x64 | 10 |
| Leak/PROFO...CE.doc | windows10_x64 | 1 |
| Payment re...df.exe | windows7_x64 | 10 |
| Payment re...df.exe | windows10_x64 | 10 |
| Leak/Profo...mg.xls | windows7_x64 | 10 |
| Leak/Profo...mg.xls | windows10_x64 | 10 |

Static task: static1
| Behavioral task | Sample | Resource |
|---|---|---|
| behavioral1 | BL. NO. ANSMUNDAR3621.exe | win7-en-20211014 |
| behavioral2 | BL. NO. ANSMUNDAR3621.exe | win10-en-20210920 |
| behavioral3 | Sample_10120351200_ISO_035117img.exe | win7-en-20210920 |
| behavioral4 | Sample_10120351200_ISO_035117img.exe | win10-en-20211014 |
| behavioral5 | Invoice 1905-20-1907-20.pdf.exe | win7-en-20210920 |
| behavioral6 | Invoice 1905-20-1907-20.pdf.exe | win10-en-20211014 |
| behavioral7 | Leak/PROFORMA INVOICE.doc | win7-en-20210920 |
| behavioral8 | Leak/PROFORMA INVOICE.doc | win10-en-20211014 |
| behavioral9 | Payment receipt.pdf.exe | win7-en-20210920 |
| behavioral10 | Payment receipt.pdf.exe | win10-en-20210920 |
| behavioral11 | Leak/Proforma invoice35117img.xls | win7-en-20211014 |
| behavioral12 | Leak/Proforma invoice35117img.xls | win10-en-20210920 |
General
- Target: Leak.zip
- Size: 3.0MB
- MD5: cd6305e8c52cd93979c3a93164861c86
- SHA1: 955850b81692f2b5b83a5a7ecc2fc6f4b11618d4
- SHA256: 6243afcc3184f4bf3f969dd7fed686e57e574d17417ec71351bc71d5adba673d
- SHA512: cb5790048002ae59ef51c9e9d99cb7eea63992a39c157f5cb748faafb28aa52388b50e863e18fa70b879c05afe899743523c3c1fa0cb8e189890551a03a0d1d4
Malware Config
Signatures
- Office macro that triggers on suspicious action (2 IoCs)
  Office document macro which triggers in special circumstances - often malicious.
Processes:
resource yara_rule sample office_macro_on_action static1/unpack001/Leak/Proforma invoice35117img.xls office_macro_on_action -
Processes:

| resource | yara_rule |
|---|---|
| static1/unpack001/Leak/Proforma invoice35117img.xls | office_xlm_macros |
| static1/unpack001/Leak/Proforma invoice35117img.xls | office_macros |
Files
- Leak.zip (.zip)
- Leak/BL. NO. ANSMUNDAR3621.img (.iso)
- BL. NO. ANSMUNDAR3621.exe (.exe, windows x86)
- Leak/Confirmed Letter35117img.r21 (.rar)
- Sample_10120351200_ISO_035117img.exe (.exe, windows x86)
- Leak/Invoice 1905-20-1907-20.pdf.gz (.rar)
- Invoice 1905-20-1907-20.pdf.exe (.exe, windows x86)
- Leak/PROFORMA INVOICE.doc (.doc, .rtf)
- Leak/Payment receipt.pdf.ace (.ace)
- Payment receipt.pdf.exe (.exe, windows x86)
- Leak/Proforma invoice35117img.xls (.xls, windows office2003)
  ThisWorkbook
  Sheet1
  Module1
- Leak/dataspeed1.PNG (.png)
- Leak/dataspeed2.PNG (.png)