General
-
Target
BankStatement-1675176567.xll
-
Size
75KB
-
Sample
230131-r8zq9sgg69
-
MD5
ad0b110ff2ecc9cb8243358b4cd2eaf1
-
SHA1
5c87fbef6bc4cfda56d837f3be724d9a0528d7f7
-
SHA256
448e4cbdfc4374985301a5f58b44495cbc7a9ce1457b0e290903534ea31c5aa4
-
SHA512
34174c0e8a630e53af532aeb67d7077b9d71807368273e7ee362f3b86d7a95aa6a880003871d408aa017090ae3db0d16b0c78e5e35d916fb01659c0a4e9b5d36
-
SSDEEP
768:RWPEHLuWs0sxOUKVfZ4ntEdUl9318F/ARYCD6DgUach39MHmqCegBY1iABMQ:qkL40XUKVfZ4nt+UL3180ErX8mfBcBMQ
Static task
static1
Behavioral task
behavioral1
Sample
BankStatement-1675176567.xll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
BankStatement-1675176567.xll
Resource
win10v2004-20221111-en
Malware Config
Extracted
raccoon
470ed711dadd97d5f2669317d6d3ee7d
http://102.130.113.39
Targets
Target
BankStatement-1675176567.xll
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-