General
Target: 1027_3786738356.doc
Size: 417KB
Sample: 211027-rvbghshbek
MD5: 94e3ff525dfbc56e03eb50a8b286e42c
SHA1: baac02021bf77988499e15231a0026a5ef6de13a
SHA256: b3a4a5757e65467815fff2c4a05fa29154a4a5456d05f527d16ef8cbdf4e749f
SHA512: 4de5e7db4d8d82db71eb02c21ba792eecf6f403da24e5ea84ce94ef10b9c003ddf278d00a11f17838bd97f9126147ba8b542e2cfb09fd8e326fa3688952a8d5d
Static task: static1
Behavioral task: behavioral1
  Sample: 1027_3786738356.doc
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: 1027_3786738356.doc
  Resource: win10-en-20211014
Malware Config

Targets
Target: 1027_3786738356.doc
Score: 10/10
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- suricata: ET MALWARE Tordal/Hancitor/Chanitor Checkin
- Blocklisted process makes network request
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.