General
-
Target
invoice1653.xls
-
Size
51KB
-
Sample
220811-pclhnafacj
-
MD5
c2a5f63e58494668d3d2e92d6345c2a7
-
SHA1
f6b415be41927bdc538dd8a4a00e7fde1fabb077
-
SHA256
ed724842865fd67ff9c19eae7dc75b9d2ff671aba3e75b20ef012cf7d82763d2
-
SHA512
4b27949c32155d5f3b221f2f2485c9d60979dcc8c98bbb889071f8b59d2572c597f2fce7893946ade817775b860eef5cfd2d82a02fcf00e2f2680625079975a4
Malware Config
Targets
-
-
Target
invoice1653.xls
-
Size
51KB
-
MD5
c2a5f63e58494668d3d2e92d6345c2a7
-
SHA1
f6b415be41927bdc538dd8a4a00e7fde1fabb077
-
SHA256
ed724842865fd67ff9c19eae7dc75b9d2ff671aba3e75b20ef012cf7d82763d2
-
SHA512
4b27949c32155d5f3b221f2f2485c9d60979dcc8c98bbb889071f8b59d2572c597f2fce7893946ade817775b860eef5cfd2d82a02fcf00e2f2680625079975a4
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-