Overview

overview

10

Static

static

8

file_1301_2021.doc

windows7_x64

10

file_1301_2021.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file_1301_2021.zip

  • Size

    85KB

  • Sample

    210113-psdlp5yk8a

  • MD5

    1b79fd7df9f6ffb14dfff61d1039d3e3

  • SHA1

    b93a6bdbf9f89bca637fd64a401b77eb90350e06

  • SHA256

    e8d579c456668ede56746433ab1425c07bedeec985a0f811291f3f8b506ee949

  • SHA512

    1458d30a5fe837668f294cf33438deb8addefa90f9c0834764a30204d83f5102ff933a50599440df52e899818ccbf13f1bcda438d713a7861aaf7c12629bf02c

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://transfersuvan.com/wp-admin/yhUw0GU/
exe.dropper

http://equipamentosmix.com/1/TRM/
exe.dropper

http://vedavacademy.com/wp-admin/7BHbH/
exe.dropper

http://lezz-etci.com/wp-content/mXxP/
exe.dropper

https://lapiramideopticas.com/tesla-powerwall-ok3h2/kmJ/
exe.dropper

http://aryasamajmandirkanpur.com/cgi-bin/VcJK/
exe.dropper

http://music.mnahid.com/wp-admin/kCGrt8/

Targets

    • Target

      file_1301_2021.doc

    • Size

      167KB

    • MD5

      814b00fee318c4790f0a6c4601705eae

    • SHA1

      74090f9d22d889404898e352d67bf7feb95b1947

    • SHA256

      295f317f093c9e9c7cac20d70e708074f9d5ca0285de2e140ded000d0a196f47

    • SHA512

      ba265a75e1e7b7b048082d8d1cd79bc16d1cb77df15028ae7bbcc3f1786e819ea64daf99459bd82b7f7229eb653704d2b4e3aaa3da51726ebaf68022ef231c80

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks