General
-
Target
ORDER.docx
-
Size
10KB
-
Sample
230130-k6hawabd91
-
MD5
ee9c4439d6fefe4e4b397a03c6141cf4
-
SHA1
c76aba79677051d985b9aef5d9dd2bca77060137
-
SHA256
8be7b2b32a7480eff95031b5e75e9a16b6ad95e2e9d1bb06d35cad339129a010
-
SHA512
0fd308212e34efb544c39e43683d6700bcfb5bb1b415cb4a97d46036e810babb8e008ba31071cc88cb012095d4eab135a0f886b8dcffc5324339fb9a03f65e32
-
SSDEEP
192:ScIMmtP5hG/b7XN+eOcrO+5+5F7Jar/YEChI3VR:SPXRE7XtOcr7wtar/YECOX
Malware Config
Extracted
http://dgdfghfjfghfghfghgfhfghfgsdgfggdfgdfgertdfgdfgdfg@3119963319/l.doc
Targets
-
-
Target
ORDER.docx
-
Size
10KB
-
MD5
ee9c4439d6fefe4e4b397a03c6141cf4
-
SHA1
c76aba79677051d985b9aef5d9dd2bca77060137
-
SHA256
8be7b2b32a7480eff95031b5e75e9a16b6ad95e2e9d1bb06d35cad339129a010
-
SHA512
0fd308212e34efb544c39e43683d6700bcfb5bb1b415cb4a97d46036e810babb8e008ba31071cc88cb012095d4eab135a0f886b8dcffc5324339fb9a03f65e32
-
SSDEEP
192:ScIMmtP5hG/b7XN+eOcrO+5+5F7Jar/YEChI3VR:SPXRE7XtOcr7wtar/YECOX
Score8/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-