General
-
Target
BofA_Remittance_Advice.xls
-
Size
122KB
-
Sample
220816-w26nfsfeb6
-
MD5
4b46967dd9b0cc889a71879e74c78163
-
SHA1
f4ab4a4754ba6815e6ba8adb03f68d9ea2edd39a
-
SHA256
d1300974e16f75b2fd0deeb5b4f212f2d1c9eb0d77bc51664c4dfbcdca4beb63
-
SHA512
b7bd17bc20af7daf04f201e2d4fc2a73ad3e9e1c7c97d9451ca4e0a62d777ae469b356d5b8191e50020411f51a4b1c42fade07c6ed6196af0355298b6c2aef81
-
SSDEEP
3072:6k3hOdsylKlgxopeiBNhZFGzE+cL2kdAFz5RkTdjPIUXQO2XIlGdDSojrsm+:6k3hOdsylKlgxopeiBNhZF+E+W2kdA91
Behavioral task
behavioral1
Sample
BofA_Remittance_Advice.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
BofA_Remittance_Advice.xls
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
BofA_Remittance_Advice.xls
-
Size
122KB
-
MD5
4b46967dd9b0cc889a71879e74c78163
-
SHA1
f4ab4a4754ba6815e6ba8adb03f68d9ea2edd39a
-
SHA256
d1300974e16f75b2fd0deeb5b4f212f2d1c9eb0d77bc51664c4dfbcdca4beb63
-
SHA512
b7bd17bc20af7daf04f201e2d4fc2a73ad3e9e1c7c97d9451ca4e0a62d777ae469b356d5b8191e50020411f51a4b1c42fade07c6ed6196af0355298b6c2aef81
-
SSDEEP
3072:6k3hOdsylKlgxopeiBNhZFGzE+cL2kdAFz5RkTdjPIUXQO2XIlGdDSojrsm+:6k3hOdsylKlgxopeiBNhZF+E+W2kdA91
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-