General
-
Target
0708_5355150121.xll
-
Size
23KB
-
Sample
210708-6hrwry8lce
-
MD5
41e0318dfdb1c180a375a7efc712649e
-
SHA1
f0c230010c7b85544c25879d4daf74479360e1bc
-
SHA256
73b8c566d8cdf3200daa0b698b9d32a49b1ea8284a1e6aa6408eb9c9daaacb71
-
SHA512
b20ec32ba9f7269deda4f70e655bb7a105dde896524bfd9c788605f2a0a26bc3bc7ddceed93c4f7b14404a65107647a9b9840c8adec32c12d92138b69805cc17
Static task
static1
Behavioral task
behavioral1
Sample
0708_5355150121.xll.dll
Resource
win7v20210410
Behavioral task
behavioral2
Sample
0708_5355150121.xll.dll
Resource
win10v20210408
Malware Config
Extracted
hancitor
0707in2_wvcr
http://sudepallon.com/8/forum.php
http://anspossthrly.ru/8/forum.php
http://thentabecon.ru/8/forum.php
Targets
Target
0708_5355150121.xll
Score
10/10
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.