General
Target: vir.doc
Size: 417KB
Sample: 211029-neacqshhdm
MD5: ba23c4970aa9c2de50bdf1b1e33bbadc
SHA1: d51ee5f01cb47da056917564e8046cb41fc0e052
SHA256: 89885adcbb030fd0251b08cc401392e90d4ad948f6cfc68dda34472c455a8951
SHA512: ec179c2b15d2db6190bb10867c407143d78adccb6bd920d83c083843eeb1bb47a11cb5c92a4a398ad04783fa2dd223009f462d01b9822ab51c05f70ebe654e30
Static task: static1
Behavioral task: behavioral1
Sample: vir.doc
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: vir.doc
Resource: win10-en-20210920
Malware Config
Targets
Target: vir.doc
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
suricata: ET MALWARE Tordal/Hancitor/Chanitor Checkin
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-