General
Target: Payment Slip_2023_0024.docx
Size: 10KB
Sample: 230202-mqxrqsfg79
MD5: 0e3c843b17ff76231516dbeff9511bca
SHA1: ad7d57ff16f0772f1adb71f80bfdcd9375c07b2a
SHA256: 6b6623c08a3daa627ed244086c5e2291b4abc39bbc928f754dd4e5b8bae77792
SHA512: 144ebd5d8c3ad1a494ef224a1370113eecbe796d8aa75158e799a9b35f3b36feee675f5983e1b782ce946d2d75b0000ee09a4c468a05f4fd4696d9ce4ceda3f8
SSDEEP: 192:ScIMmtP5hG/b7XN+eOSO+5+5F7Jar/YEChI30N:SPXRE7XtOS7wtar/YECO0
Static task: static1
Behavioral task: behavioral1 (Sample: Payment Slip_2023_0024.docx; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: Payment Slip_2023_0024.docx; Resource: win10v2004-20221111-en)
Malware Config
Extracted: http://dgdf00000ghfjf00000ghfghf000ghgfh00000fghfgs0000dgfggdfg0000dfger000tdfg000dfgdfg@3235029098/9.doc
Targets
Target: Payment Slip_2023_0024.docx
Score: 8/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext