General
- Target: Scan Bill of Lading.xlsm
- Size: 398KB
- Sample: 200630-5m9l7sr2ae
- MD5: 937aa5650aa985dd443f4a03156967c9
- SHA1: f40cd6481a66c1608a6b97580fe69f2e4904ed6d
- SHA256: f4dcd21a2e0b2f4432b665157a1f934e5063be6bbf7ef5f92b365bbbeca92331
- SHA512: 8113094f933fbd159ec1d37bd7da487e42a515bfba57c6de6c82358223b2e202c6b592ea8fff18568694ca58fdbaebfb60b53f7974743a8c8c9f4abc1af68b93
Static task
static1
Behavioral task
behavioral1
Sample
Scan Bill of Lading.xlsm
Resource
win7
Behavioral task
behavioral2
Sample
Scan Bill of Lading.xlsm
Resource
win10v200430
Malware Config
Extracted
https://kyivremont.com/vbc.exe
Targets
- Target: Scan Bill of Lading.xlsm
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext