General

  • Target: SecuriteInfo.com.Mal.DocDl-K.8726.24378
  • Size: 103KB
  • Sample: 210113-j3xrgkx3zx
  • MD5: 63d050a0b73b0ffc079150296c073cab
  • SHA1: b5b302ceeac09ba16da146138dc3134f363affef
  • SHA256: 206e8bdc5d69ceabd4d65a60efd5e6bdd03258acf0e528abd997fbb3cc948737
  • SHA512: 08836049f1794c5bd39ee4325de78c245411ce9c582c451e0b684791ab4a968b62e7da46efa28de8e87dcd2cb49ff5c2af9d3d58e8f77b6dc48b94aedc3d6862

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated: yes
  • URLs (type exe.dropper):
      http://angel2gether.de/BlutEngel/SpeechEngines/
      http://holonchile.cl/cgi-bin/System32/
      http://members.nlbformula.com/cgi-bin/Microsoft.NET/
      http://akybron.hu/wordpress/Triedit/
      https://norailya.com/drupal/4zKMm/
      http://giannaspsychicstudio.com/cgi-bin/Systems/

Targets

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      ID      Count
  Defense Evasion   Modify Registry                T1112   1
  Discovery         Query Registry                 T1012   2
  Discovery         System Information Discovery   T1082   2
