Overview

overview

10

Static

static

8

Wire-Telex Copy .xls

windows7_x64

10

Wire-Telex Copy .xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Wire-Telex Copy .xls

  • Size

    136KB

  • Sample

    201005-bytl8tqkt2

  • MD5

    3b41c3d33589de59952989dafd18f0a7

  • SHA1

    c37dc779c64fdad0a1c7e79de2ca7d26c754e0c2

  • SHA256

    490cb5121a4ce0761111fe088bccdc6de5ce78ff082a356a4a39ee169b428491

  • SHA512

    893b487dac90f1856d7a47fd639a45ae95e4cf4ba244b4f4d68fe3f93da1e6252ad79367ce08da0f93905a7aa4f725c5b915799f54a840b16dfdb6d2305c1812

Score
10/10
asyncratmacroratspyware

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

http://paste.ee/r/v5e8E

Targets

    • Target

      Wire-Telex Copy .xls

    • Size

      136KB

    • MD5

      3b41c3d33589de59952989dafd18f0a7

    • SHA1

      c37dc779c64fdad0a1c7e79de2ca7d26c754e0c2

    • SHA256

      490cb5121a4ce0761111fe088bccdc6de5ce78ff082a356a4a39ee169b428491

    • SHA512

      893b487dac90f1856d7a47fd639a45ae95e4cf4ba244b4f4d68fe3f93da1e6252ad79367ce08da0f93905a7aa4f725c5b915799f54a840b16dfdb6d2305c1812

    Score
    10/10
    spywareratasyncrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware
    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

    Credential Access

    Defense Evasion

    Discovery

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Persistence

                Privilege Escalation

                  Tasks