General
-
Target
Tax Invoice0087.xlsm
-
Size
42KB
-
Sample
221117-j8z32aea27
-
MD5
641f64ca0e5aa6d3897c8f1cc72382ae
-
SHA1
84cbc19ea037d15f7a4e25fe465251dfb3cd3651
-
SHA256
8ac37ca924c8fbee84c160cdf5d71215a9f1727afd7906add01f3cfc9e81d590
-
SHA512
9252a08d1db57b516fcf6dd68084d818a80df50cc5449eda4f1c894354becca4b23e21fcf3fd57bbaa411f642e44b4b145441ff3d58c54b75fc8c9cebbdd8786
-
SSDEEP
768:9vdP9vLssnXkBIJYfTH+niSpXvDHXmv+nW8FFiKk/fsqtA6WmRw+nQzHwlMiQ2O:9vTvLTXkG1BBTXmv+HFFi3/kqGVmdQLz
Static task
static1
Behavioral task
behavioral1
Sample
Tax Invoice0087.xlsm
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
Tax Invoice0087.xlsm
-
NetWire RAT payload
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-