General
-
Target
something.doc
-
Size
943KB
-
Sample
220321-t944gsdbg7
-
MD5
f994697106f7c6cef2f394a9429d9e67
-
SHA1
15252272f8d6911731eef807a49f045ff97a8a46
-
SHA256
3a2a1eff040a79d603b1ac2609a423ad8beb46d2876aa959f60dc98477707c0f
-
SHA512
d1646c3c35da147be80aa425d3ebd07fd05af54c96daef85c1f4e59b450fc8e5bd0774c2c9ebe465aa30cfb74e7a9f1b7203bbbcd36936eb5e56e2e814e04bb4
Static task
static1
Behavioral task
behavioral1
Sample
something.doc
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
something.doc
Resource
win10v2004-20220310-en
Malware Config
Extracted
hancitor
2103_punosh
http://nanogeelr.com/9/forum.php
http://ockpitehou.ru/9/forum.php
http://lumentsawfu.ru/9/forum.php
Extracted
arkei
Default
http://sughicent.com/blaka.php
Targets
-
-
Target
something.doc
-
Size
943KB
-
MD5
f994697106f7c6cef2f394a9429d9e67
-
SHA1
15252272f8d6911731eef807a49f045ff97a8a46
-
SHA256
3a2a1eff040a79d603b1ac2609a423ad8beb46d2876aa959f60dc98477707c0f
-
SHA512
d1646c3c35da147be80aa425d3ebd07fd05af54c96daef85c1f4e59b450fc8e5bd0774c2c9ebe465aa30cfb74e7a9f1b7203bbbcd36936eb5e56e2e814e04bb4
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-