General

  • Target

    SecuriteInfo.com.O97M.Downloader.40352.29588.9003

  • Size

    156KB

  • Sample

    210309-ztdqxlw6za

  • MD5

    f077a55564f8eaf64ae610d1ef5d2382

  • SHA1

    6b90cde38009f9de581c81ffdc77df0c2af05ffd

  • SHA256

    655cf9cc84285a05fa766502f29bfe0d3a00bc0e6362ec04da5465567c5218d8

  • SHA512

    db33a6c43d369f14eb91113416d2c7b1ce38f2160bb0d1bd3caf3fe8bd49c6222780fbfdd5071d5657261b4e71723509ee89d9753af4d2c8ab837395be3e5fc4

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (T1112): 2

  • Install Root Certificate (T1130): 1

Discovery

  • System Information Discovery (T1082): 3

  • Query Registry (T1012): 2

Tasks