General
-
Target
Declaration_of_conformity_INOX_MACEL_ITALY_09_2023.xls
-
Size
100KB
-
Sample
230914-sma2fsch2w
-
MD5
100a2750f01f084234fbd828f1f608fc
-
SHA1
e5c947d03ad2a7a08500275b2107d91f13295066
-
SHA256
4a7daa6f01efcbc7e6480e26f2f99092eb7c059929bc84debd13a7962d0a2a25
-
SHA512
cf3e7cc272d565722e1f522e038925e8416863994facd1d206695f46178792c7b9f7c87b2b878d1845d7208ff1647158d3980a7268c53be39b98eac354681f8f
-
SSDEEP
3072:YrxEtjPOtioVjDGUU1qfDlaGGx+cL2QnAPtJE2zuxq+fr9wBLa71ba2ryLTHeYjc:exEtjPOtioVjDGUU1qfDlavx+W2QnAF9
Behavioral task
behavioral1
Sample
Declaration_of_conformity_INOX_MACEL_ITALY_09_2023.xls
Resource
win7-20230831-en
Malware Config
Extracted
bitrat
1.38
185.225.75.68:3569
-
communication_password
0edcbe7d888380c49e7d1dcf67b6ea6e
-
tor_process
tor
Targets
-
-
Target
Declaration_of_conformity_INOX_MACEL_ITALY_09_2023.xls
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-