General
Target
Purchase Order.xlsx
Size
187KB
Sample
220326-hlzy3shea8
MD5
f5fffc343e9dda0bb4e7be9a76ccaa81
SHA1
9cdc3274e984cfe1811a33f7509ac5ce30bdf75b
SHA256
f5052d7774eae6c14693e7c5826de8ee658916d121f26d27d76d7a23da1816a9
SHA512
3c4634d0cdb8c123b6fb431b9a17bcc344d5e7af346c9c78aa3a45f87f13652467a1e7e9aabdbb1a65735ce034b67e56e07956926064f1a75cffe33a7380a4cf
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order.xlsx
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
Purchase Order.xlsx
Resource
win10v2004-20220310-en
Malware Config
Extracted
oski
panel.blsasco.com
Targets
Target
Purchase Order.xlsx
Score
10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext