General
Target: 工行支ä»_é_šçŸ¥ - ICBC Payment Advice (Ref MT10385748472).docx
Size: 10KB
Sample: 211026-ktzz6ahhdp
MD5: 431ce22a09ba2fdbf2818559a8e3d765
SHA1: 4d2a4167f1c115b5cc13348a91adc7ff8a86be91
SHA256: dd5a8452993e5300474923f6f48b666bc7157254298568c9325367e35f86f203
SHA512: 60697715fde6092ecf4a9efbbdf3c20e74b9e903eeac40efe87afc345e03f519114d5e1a333c4f2ef3bbca6580f6b5c41931f15e6323bd942ea8abe7b1b515fd
Static task: static1
Behavioral task: behavioral1
Sample: 工行支ä»_é_šçŸ¥ - ICBC Payment Advice (Ref MT10385748472).docx
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: 工行支ä»_é_šçŸ¥ - ICBC Payment Advice (Ref MT10385748472).docx
Resource: win10-en-20210920
Malware Config
Extracted
http://107.172.75.201/------wiz_------__--------wii.wiz_---------_-------------wiiz/....--.-.-.-.-------------------wii.wiz.......wii.wiz......wii....wiz......wiz.wiz
Targets
Target: 工行支ä»_é_šçŸ¥ - ICBC Payment Advice (Ref MT10385748472).docx
Score: 10/10
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Abuses OpenXML format to download file from external location
Loads dropped DLL
Uses the VBS compiler for execution