General

  • Target

    ALTISYS-MANU-07072020-206083-8672.xls

  • Size

    70KB

  • Sample

    200707-brlneqycke

  • MD5

    eb8f66ceba6b895b98ef88e8ce269ac1

  • SHA1

    e594e2217eab2c9ff791aded0b30e86cdf360926

  • SHA256

    8af0b10aedde4add9d62ece81efb0112263973cebce8828b7d045d8ffd15ce55

  • SHA512

    3f0d293dac337178aeb4cfaec17ca67ffa93df77dd90da9543124c06de5a6a6e1a63b83e7f17912a2bb67cedd8bb205a589dc36515c0f5f05297d1a84c385e4a

Malware Config

Targets

    • Target

      ALTISYS-MANU-07072020-206083-8672.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Modifies system certificate store

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

Tasks