General

  • Target

    lyft-d10193.doc

  • Size

    132KB

  • Sample

    200213-yvxqep26se

  • MD5

    ef24bc5c50c7755fa6b4574128156d2d

  • SHA1

    123fa2d6eed535f06d29e482a51986271369da77

  • SHA256

    20faee2a8d4618002437bfcf80f4445bdb66c9b8323698a0f821f2600b1cde77

  • SHA512

    b810d208db30bf8a490eed5cca636c217e44d73fd54c406f93131cb16bb71b533ccb65b0164b990f706a6f1edd84015aef21894985d2b9c7f88af28ebe01218b

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs (exe.dropper)

    http://neoneo-bg.site/hIeak.dat

    http://neoneo-bg.site/geTask.dat

    http://neoneo-bg.site/rTTj.dat

Targets

    • Target

      lyft-d10193.doc

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Drops file in System32 directory
