General
-
Target
Orders.docx.doc
-
Size
22KB
-
Sample
230810-v8vzvshf5y
-
MD5
228f3b042d432eb4ffa95a97ca6eea4a
-
SHA1
677e75d0a274b8bf9f71e01c6de0d10761338b35
-
SHA256
a5ac36f6a99ec92dedf0f7540aca80496e33a976e9a74f74f81c46dd0b6daab7
-
SHA512
984ace9733ca6d2f287a5312420b030c5790b3c39328a8d0c92e28078b31b71f84c5677e8c0b9ffbf5d93a987a668910d79ae4264c09e52a384ab6d9e08caa6c
-
SSDEEP
384:3I+R9SfG6f59UORfqNy4Y0Fivd7ZMM4EUS9rDhCl0mppOkFzO7Y7E:3IzXomfsRYKiAMx9Xg0mptRaY4
Malware Config
Targets
-
-
Target
Orders.docx.doc
-
Size
22KB
-
MD5
228f3b042d432eb4ffa95a97ca6eea4a
-
SHA1
677e75d0a274b8bf9f71e01c6de0d10761338b35
-
SHA256
a5ac36f6a99ec92dedf0f7540aca80496e33a976e9a74f74f81c46dd0b6daab7
-
SHA512
984ace9733ca6d2f287a5312420b030c5790b3c39328a8d0c92e28078b31b71f84c5677e8c0b9ffbf5d93a987a668910d79ae4264c09e52a384ab6d9e08caa6c
-
SSDEEP
384:3I+R9SfG6f59UORfqNy4Y0Fivd7ZMM4EUS9rDhCl0mppOkFzO7Y7E:3IzXomfsRYKiAMx9Xg0mptRaY4
Score8/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-