General
Target: new order.xlsx
Size: 215KB
Sample: 221005-h2m98adfa9
MD5: 36e57801689df3ff3a3eb74f8753c504
SHA1: 931acbac922284105367bccc9cf85a5a7c271fb9
SHA256: 1dd42a2bfbde1ba7ccadff9801dd91f7ed8befc2cdb2e7ec9df5533aeda7aa8c
SHA512: d4d39f46111e1a0cd1fb2426e77bc478e701c6146cbb1cb344847504e4a91ccb55ef341df8ecbf159b8a524a1e3045ae39fa6ed66ef0585023946b0adb4329fb
SSDEEP: 6144:nhTetlrc+HvvzFub7Vu49zK5IlG5dTEJ0s:hTMlrc2vp+7w5GIAJl
Static task: static1
Behavioral task: behavioral1 (Sample: new order.xlsx, Resource: win7-20220901-en)
Behavioral task: behavioral2 (Sample: new order.xlsx, Resource: win10v2004-20220812-en)
Malware Config
Targets
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext