General
Target: f4c82379e41bccf127f9010ea87d8262.bin
Size: 7KB
Sample: 230312-crhdbscd67
MD5: 8b676b833e88caebb81002fae88bca7b
SHA1: 77ac15c78e62aea73243b0082346daf8e8fca462
SHA256: da4eee174f3c4063cafde7d20d1eaa1afa61d73b7447756d68f7e08bc510e127
SHA512: f393874e20cd46fb555d60ba107baefbde706cf00b8df0091e3552b586db8e71efac961b2e1fc1ad5239821de20b38f43638e48004b26055453ac7033344306e
SSDEEP: 192:I+eyK72ABDvi+4qCjFoEeJZVbue/BR//SF6S+4WhHQoimeKCobwuvuy:I+ehfviRFsJhbKF654WSPKCobwuvL
Static task: static1
Behavioral task: behavioral1
Sample: b89b2d6eaed3863624271e5465f801ccba1838563a3c88e16927b0b4052f704d.docx
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: b89b2d6eaed3863624271e5465f801ccba1838563a3c88e16927b0b4052f704d.docx
Resource: win10v2004-20230220-en
Malware Config
Extracted
http://yyyyyYYYYUUSUUUUUUU3243242UUU23U423U4UU2UWW00000000000000000000000@2401929236/hz...........hz............doc
Targets
Target: b89b2d6eaed3863624271e5465f801ccba1838563a3c88e16927b0b4052f704d.doc
Size: 10KB
MD5: f4c82379e41bccf127f9010ea87d8262
SHA1: d5c10f72a585a3168bc3507486328d06f0d08019
SHA256: b89b2d6eaed3863624271e5465f801ccba1838563a3c88e16927b0b4052f704d
SHA512: 38e2984a5df39ddf858de9657da038c6223d5af5cd606ce27f0de7f744c99a4b0e35ec71fc2b9a4f0a1c440400b54c1d0cadcd18de873860e0caf6545041028c
SSDEEP: 192:ScIMmtP1aIG/bslPL++uOvl+CVWBXJC0c3jC5R:SPXU/slT+LOvHkZC9jCT
Score: 8/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution