General

Target: 085dba2eb623a4b4601798c155e00d3ddcc8148b7c6816fb4c6b4d3c644ef4bc
Size: 19KB
Sample: 220207-a71hqsdde8
MD5: 145361c2733f4b003d97872e8de7773f
SHA1: f9358104397da247b471629c6fd97300e02354e1
SHA256: 085dba2eb623a4b4601798c155e00d3ddcc8148b7c6816fb4c6b4d3c644ef4bc
SHA512: 201766dc0406e9be3cd3f923309ac95fff0fc3e2e6ec7889f9fbada101643690f135edf375988f1ed1f7b69ca54043bb8f94492ee627de7379f66c8d378ac119
Static task: static1

Behavioral task: behavioral1
Sample: Operations BIAT.xlam
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: Operations BIAT.xlam
Resource: win10v2004-en-20220112

Behavioral task: behavioral3
Sample: Statment of payments.js
Resource: win7-en-20211208

Behavioral task: behavioral4
Sample: Statment of payments.js
Resource: win10v2004-en-20220113
Malware Config

Extracted: http://179.43.140.150/shtq/Fack.jpg
Targets

Target: Operations BIAT.xlam
Size: 18KB
MD5: c90e5f790994d92dace7065e589947c3
SHA1: 04ac58a10b09d4bac33f18c1987002433a934aef
SHA256: c05aa4fa8dde819670fc412f5db60eff7dffa25d9064ca10d29b18eb607416f6
SHA512: 8479610c5a3b4dd0179e202edeb51b8d1e9a05ac835ad4891a7cd4a577d0317d196672f1d339e87614a9b5e55523def0a94798c0b94512c72cf12b81bd7c07da
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
Target: Statment of payments.js
Size: 29KB
MD5: 13bd7e15b751a2a6389c587fd2cc3053
SHA1: 335336c48596ab6a197b4254aec031f5dc327a30
SHA256: 3b8e07eccb807a64a193e2ead60f739384542d295af70803e36f24cfc7e8c361
SHA512: 93aee6c94609e371964ca2293eda2513ada188f5d18a28c5bf815350ce2640039fa3a386279d6f77b846ffce1b6f51d7d22d1c747cecd46ebfacf74262f13d0e
Score: 10/10

Blocklisted process makes network request

Adds Run key to start application