8dd8d863b51d13fedf887fc68e6f7c1a4d93fa868cf0ced1f46d2fca77585e5d | Triage

Resubmissions

09/07/2020, 13:57

200709-445cetj79s 8

09/07/2020, 12:35

200709-7gqm8v1jxx 8

09/07/2020, 12:10

200709-c19gdlgcd2 8

Sharing

General

Target

9918_99_274.xls
Size

159KB
Sample

200709-c19gdlgcd2
MD5

a1e13e4954b98e6524d47527be441812
SHA1

72e88bd0543152b638f804548a09c865aa4610c9
SHA256

8dd8d863b51d13fedf887fc68e6f7c1a4d93fa868cf0ced1f46d2fca77585e5d
SHA512

2734387aa21327b3d6547acb07e4bbf48cb473844e6491f7e659f996dab664a26a8c41cf9b8727e43f770093e7b6c3914db375a36555e32f7564bae02e3673c9

Score

8^/10

evasion macro spyware trojan

Malware Config

Targets

- Target
  
  9918_99_274.xls
- Size
  
  159KB
- MD5
  
  a1e13e4954b98e6524d47527be441812
- SHA1
  
  72e88bd0543152b638f804548a09c865aa4610c9
- SHA256
  
  8dd8d863b51d13fedf887fc68e6f7c1a4d93fa868cf0ced1f46d2fca77585e5d
- SHA512
  
  2734387aa21327b3d6547acb07e4bbf48cb473844e6491f7e659f996dab664a26a8c41cf9b8727e43f770093e7b6c3914db375a36555e32f7564bae02e3673c9
Score

6^/10

evasion spyware trojan
- Enumerates connected drives
- Modifies system certificate store
  evasion spyware trojan
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionspywaretrojan