General
- Target: 29f4fa56df55b1b53b2a8a6b27d2816436a75153eaf0533cf7d788d7026d8366.xlsm
- Size: 86KB
- Sample: 200529-2wxrpzpnan
- MD5: a758f5bfaeb275b5dfaf5be55a8b087b
- SHA1: eff178dfef00ee753f4a540107632e43ec4a4ef9
- SHA256: 29f4fa56df55b1b53b2a8a6b27d2816436a75153eaf0533cf7d788d7026d8366
- SHA512: 7e96b281aa9433bb05073ff0ee9cb9d94384ef6cf9b801d11d5d420d647c79310f18485fab340afa8d0eb9bcdc64ec7cf885ee5636fc7edcfbbfe54ff208f364
Static task: static1
Behavioral task: behavioral1
- Sample: 29f4fa56df55b1b53b2a8a6b27d2816436a75153eaf0533cf7d788d7026d8366.xlsm
- Resource: win7v200430
Malware Config
Targets
- Target: 29f4fa56df55b1b53b2a8a6b27d2816436a75153eaf0533cf7d788d7026d8366.xlsm
Signatures
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Blacklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Enumerates connected drives
- Modifies service
- Suspicious use of SetThreadContext