General
Target: ACH Remittance Details.xls
Size: 29KB
Sample: 220823-kwxyksfba8
MD5: 135a1b45054fd8c36e854fb696d7391a
SHA1: 80e56aad8cf5281d4374ae3b3f99ae7bd3f46198
SHA256: 7e59886a1137a4e857507cc61b150d5637ff71b09af43deeb70d1c9644ce465e
SHA512: 445bec2c31074256f9da3afda2034f150cf8fe3fa6e1441a70a7d4a0068c56c046df8f1269fe4d5d6e7f500699be61521a1c011b4d2ad48a2eb64c9e8958a498
SSDEEP: 768:cgk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJRoPoi:nk3hOdsylKlgxopeiBNhZFGzE+cL2kdh
Behavioral task: behavioral1
Sample: ACH Remittance Details.xls
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: ACH Remittance Details.xls
Resource: win10v2004-20220812-en
Malware Config
Extracted family: bitrat
Version: 1.38
C2: bitm.dvrlists.com:6061
communication_password: cef08aa1523518b499f65898132b7512
tor_process: tor
Targets
Target: ACH Remittance Details.xls
Size: 29KB
MD5: 135a1b45054fd8c36e854fb696d7391a
SHA1: 80e56aad8cf5281d4374ae3b3f99ae7bd3f46198
SHA256: 7e59886a1137a4e857507cc61b150d5637ff71b09af43deeb70d1c9644ce465e
SHA512: 445bec2c31074256f9da3afda2034f150cf8fe3fa6e1441a70a7d4a0068c56c046df8f1269fe4d5d6e7f500699be61521a1c011b4d2ad48a2eb64c9e8958a498
SSDEEP: 768:cgk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJRoPoi:nk3hOdsylKlgxopeiBNhZFGzE+cL2kdh
Signatures
Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Loads dropped DLL
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext