General
Target: Romania_Request_Imun_SRL_09_2023.xls
Size: 100KB
Sample: 230914-smpjvafe25
MD5: 968a96fab78010b987e7a0b8624d2605
SHA1: 1e42b6186f040b9868a978450fde05e39a267bf3
SHA256: 63e7d413f4653c4b84c8e4c1c4fd4516a245464b3e996aa733ce21c9c1c964b1
SHA512: f953916293565e59e94f2671ef4798eff19d7ff965570d66682c38aeca273331735b638b03653960838bbfac15333364dbfb477135d298d25690b8a95fb65a75
SSDEEP: 3072:irxEtjPOtioVjDGUU1qfDlaGGx+cL2QnAftJE2zuxq+fr9wBLa71ba2ryLTHeYB:kxEtjPOtioVjDGUU1qfDlavx+W2QnAVF
Behavioral task: behavioral1
Sample: Romania_Request_Imun_SRL_09_2023.xls
Resource: win7-20230831-en
Malware Config
Extracted
bitrat
1.38
185.225.75.68:3569
communication_password: 0edcbe7d888380c49e7d1dcf67b6ea6e
tor_process: tor
Targets
Target: Romania_Request_Imun_SRL_09_2023.xls
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Suspicious use of SetThreadContext