General
-
Target
ccbcacb9d7c41706508c6518b5976d043b1d41624deb5ce5049eb1a6eb8192e3.xlsx
-
Size
1.8MB
-
Sample
230206-3sab8abf5v
-
MD5
b7b547d017f9576698b464f93997b0ee
-
SHA1
0ae98a894517fb36cce84d023a7922cbec81ffad
-
SHA256
ccbcacb9d7c41706508c6518b5976d043b1d41624deb5ce5049eb1a6eb8192e3
-
SHA512
b21f77fbd5c51b5f3763310dd693ab9be46bb958955179dc8b4ec3bbaba6357f44171b6ce041c4ba2814077d66d4e798febd1fb5de6a9d69b7b9a10ff1578474
-
SSDEEP
49152:oLK7B9ghkuJ1ae9a9guJ1E5aKjTbcobCl+nGiKQLdlz:YaShkwPYiwudjUjd1QHz
Behavioral task
behavioral1
Sample
ccbcacb9d7c41706508c6518b5976d043b1d41624deb5ce5049eb1a6eb8192e3.xls
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ccbcacb9d7c41706508c6518b5976d043b1d41624deb5ce5049eb1a6eb8192e3.xls
Resource
win10v2004-20220901-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.sfivegroupe.com - Port:
587 - Username:
malika.baraitame@sfivegroupe.com - Password:
S8YVh~75ZPC
Targets
-
-
Target
ccbcacb9d7c41706508c6518b5976d043b1d41624deb5ce5049eb1a6eb8192e3.xlsx
-
Size
1.8MB
-
MD5
b7b547d017f9576698b464f93997b0ee
-
SHA1
0ae98a894517fb36cce84d023a7922cbec81ffad
-
SHA256
ccbcacb9d7c41706508c6518b5976d043b1d41624deb5ce5049eb1a6eb8192e3
-
SHA512
b21f77fbd5c51b5f3763310dd693ab9be46bb958955179dc8b4ec3bbaba6357f44171b6ce041c4ba2814077d66d4e798febd1fb5de6a9d69b7b9a10ff1578474
-
SSDEEP
49152:oLK7B9ghkuJ1ae9a9guJ1E5aKjTbcobCl+nGiKQLdlz:YaShkwPYiwudjUjd1QHz
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-