General

  • Target

    PaySlip140121.xls

  • Size

    228KB

  • Sample

    210119-mtbzfsax4j

  • MD5

    45ce32bf7aa558411aafeb109f0d6e08

  • SHA1

    41b37cc0c3eedb319846fc2a1a6f90b5bcbf16a8

  • SHA256

    e7037dbffd138eb3cb17336a3b50aa9d82613125ce7d66dc7a125f09198e3a82

  • SHA512

    c3ed5c81264f948854f4f40e81f2ffc6479e056bc9486c14f954daec8e23b1e0fd6c5ed0a3f830724f2585d90b9da6b86c11b409f2ba441516be7869ad5e794e

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://cutt.ly/fjYtydH

Targets

    • Target

      PaySlip140121.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112), 1 occurrence

  • Discovery

    Query Registry (T1012), 2 occurrences

    System Information Discovery (T1082), 2 occurrences