General

  • Target

    Liste-70497 462123797.doc

  • Size

    158KB

  • Sample

    210114-5fqqc3m9a6

  • MD5

    e6fa06f6b8a4fc18b58ab391ef19cba9

  • SHA1

    79e39537c6deeb162756e2dfe7a3f77c0f96d1e2

  • SHA256

    9c79e7b9f68462cc7dc5a5e149b64d277c92a2edb2c6f85eac8c78286172c209

  • SHA512

    759bc77a2595af11f910e4addb9d06492110a1af062c2dc98648e929a79fe0eccf911418026697d67bfe0428c5b8a965a98d3d1247d80d2ac2f40b695e185cd7

Score
10/10

Malware Config

  • Extracted

    Language: ps1 (deobfuscated PowerShell dropper)

  • URLs (all of type exe.dropper)

    https://smkbudiagung.com/wp-content/VoPg04/
    https://ats-tx.com/old/f1X/
    http://avanttipisos.com.br/catalogo-virtual/U/
    http://mpeakecreations.co.za/cgi-bin/vVk1rw/
    http://adres-ug.ru/wp-admin/IItD/
    https://theraven.pk/overwolf-r6-vdace/UH4fL/
    http://bhar.com.br/elementos/MQfB/
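The seven exe.dropper URLs above are the actionable output of this report. The following Python is an added example (not part of the sandbox report or the sample) that turns that list into indicators and runs them over a constructed proxy log. It matches on host as well as on the exact host and path, because a dropper with several alternative download locations can be re-pointed at a different path on the same compromised host; the wp-content/, wp-admin/ and cgi-bin/ paths suggest these are compromised legitimate sites, so treat host-level blocks as temporary and review them. The log format and the log lines are hypothetical.

```python
from urllib.parse import urlparse
import re

# The seven exe.dropper URLs extracted from this sample's PowerShell config.
DROPPER_URLS = [
    "https://smkbudiagung.com/wp-content/VoPg04/",
    "https://ats-tx.com/old/f1X/",
    "http://avanttipisos.com.br/catalogo-virtual/U/",
    "http://mpeakecreations.co.za/cgi-bin/vVk1rw/",
    "http://adres-ug.ru/wp-admin/IItD/",
    "https://theraven.pk/overwolf-r6-vdace/UH4fL/",
    "http://bhar.com.br/elementos/MQfB/",
]


def build_iocs(urls):
    """Split the dropper URLs into a host set and a (host, path) set.

    Paths are normalised without a trailing slash so that a request for
    ".../VoPg04" and ".../VoPg04/" match the same indicator.
    """
    hosts, host_paths = set(), set()
    for url in urls:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        hosts.add(host)
        host_paths.add((host, parsed.path.rstrip("/")))
    return hosts, host_paths


# Constructed proxy log lines (hypothetical; not from the sandbox report):
# "<timestamp> <client ip> <method> <url> <status>".
PROXY_LOG = """\
2021-01-14T10:02:11Z 10.0.0.12 GET https://smkbudiagung.com/wp-content/VoPg04/ 200
2021-01-14T10:02:12Z 10.0.0.12 GET http://avanttipisos.com.br/catalogo-virtual/U/?id=7 404
2021-01-14T10:02:14Z 10.0.0.12 GET http://adres-ug.ru/wp-admin/edit.php 200
2021-01-14T10:03:00Z 10.0.0.15 GET https://www.example.com/index.html 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def match_proxy_log(log_text, urls=DROPPER_URLS):
    """Return one dict per request that touches a dropper host.

    'exact' is True when host and path both match an extracted URL; a
    host-only hit is reported too, since the same host may serve the
    payload under another path.
    """
    hosts, host_paths = build_iocs(urls)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole run
        parsed = urlparse(m["url"])
        host = (parsed.hostname or "").lower()
        if host not in hosts:
            continue
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "host": host,
            "path": parsed.path,
            "exact": (host, parsed.path.rstrip("/")) in host_paths,
        })
    return hits


if __name__ == "__main__":
    for hit in match_proxy_log(PROXY_LOG):
        kind = "exact dropper URL" if hit["exact"] else "dropper host, other path"
        print(f'{hit["ts"]} {hit["src"]} -> {hit["host"]}{hit["path"]} ({kind})')
```

The query string is ignored on purpose: the second constructed line still counts as an exact hit because the extracted indicator carries no query, and the third is reported as a host-only hit so an analyst can decide whether it is the same compromised site being reused.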

Targets

    • Target

      Liste-70497 462123797.doc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory
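The first signature above is the one an endpoint detection would fire on: an Office document whose macro hands off to PowerShell. The Python below is an added example (not part of the sandbox report) of that process-tree check run over constructed process-creation events in Sysmon Event ID 1 style. It alerts only when an Office parent starts a script host or LOLBin, so legitimate Office children (the printing helper in the sample events) do not alert, and it decodes a PowerShell -EncodedCommand argument, which is base64 over UTF-16LE, so the analyst sees the script rather than a blob. The parent/child name sets, the events and the encoded script are assumptions for illustration.

```python
import base64
import re

# Office parents that should not be launching script hosts or LOLBins.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
# Children whose appearance under an Office parent is worth an alert.
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# Common spellings of the -EncodedCommand switch followed by a base64 blob.
ENC_RE = re.compile(r"(?i)(?:^|\s)[-/](?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Decode a PowerShell -EncodedCommand argument (base64 of UTF-16LE).

    Returns None when no such argument is present or it does not decode.
    """
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def detect_office_children(events):
    """Return one alert dict per Office -> suspicious-child process creation."""
    alerts = []
    for ev in events:
        parent = image_name(ev["ParentImage"])
        child = image_name(ev["Image"])
        if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
            alerts.append({
                "parent": parent,
                "child": child,
                "cmdline": ev["CommandLine"],
                "decoded": decode_encoded_command(ev["CommandLine"]),
            })
    return alerts


# Constructed events (hypothetical; not taken from the sandbox report).
SAMPLE_SCRIPT = "$u='https://smkbudiagung.com/wp-content/VoPg04/'; Write-Output $u"
SAMPLE_B64 = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

EVENTS = [
    # Explorer opening the document: normal.
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": WINWORD,
     "CommandLine": f'"{WINWORD}" /n "C:\\Users\\user\\Downloads\\Liste-70497 462123797.doc"'},
    # Word spawning hidden, encoded PowerShell: the macro hand-off.
    {"ParentImage": WINWORD, "Image": PS,
     "CommandLine": f"powershell -w hidden -enc {SAMPLE_B64}"},
    # Word spawning the print helper: legitimate, must not alert.
    {"ParentImage": WINWORD, "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 12288"},
    # PowerShell under cmd.exe: no Office parent, out of scope here.
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": PS,
     "CommandLine": "powershell -nop -c Get-Date"},
]

if __name__ == "__main__":
    for a in detect_office_children(EVENTS):
        print(f'{a["parent"]} -> {a["child"]}: {a["decoded"] or a["cmdline"]}')
```

The decoder refuses odd-length output and invalid base64 instead of raising, so a malformed command line still produces an alert with the raw command line rather than breaking the detection loop.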

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks