General

  • Target

    PRIZOVKA_SL.doc

  • Size

    54KB

  • Sample

    200713-7dgh6tzeln

  • MD5

    a333fc51570e37262cb4d03305bfb591

  • SHA1

    f6e9b39410615ebc9f633f2aa803c48118a02e0b

  • SHA256

    ad55de0ba082e1d0ba31f608e222d5dc9bae470bbc427b21801a37aab7309aa9

  • SHA512

    26124376a5fb52b6bb63c3947a3635f4e19b479ff987f215d6e87d062706f06715ec076c9fe411c6ec0ff24b7835bd1b4eb60f2f8b1616f0a1228ff65518effb

  • Score

    10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper: http://fgs.elpadrino.xyz:2095/lado/4.exe

Targets

    • Target

      PRIZOVKA_SL.doc


    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks