General

  • Target: e5fc03b4e3a35dc4ecb66fecaf41bf2f410f65102a8d3c6ba998d699d5d2c864
  • Size: 87KB
  • Sample: 210115-zjjvve7ada
  • MD5: 3ab2daf32a000abd8a5dc328235f51f9
  • SHA1: d6dca90e6b8e05a9aff966becf5d3b9fea0256fc
  • SHA256: e5fc03b4e3a35dc4ecb66fecaf41bf2f410f65102a8d3c6ba998d699d5d2c864
  • SHA512: 9cff3d95de479d3a48adbc1e1a4ad7dacbbf0d0f27cb6276e39da38a4bcea383f20a79feb0fee1d19d5f8c09941e8e648741e208d6655e688d51d6b37c2be480

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs (type exe.dropper):

Targets

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1
  • Discovery: Query Registry (T1012), 2
  • Discovery: System Information Discovery (T1082), 2
