OfficeConsultPlugin.exe

General

Target: OfficeConsultPlugin.exe
Size: 1MB
Sample: 210408-9t3lvz311n
Score: 7/10
MD5: fba1fd894b9201a11e866ba58c80ae61
SHA1: 89236d9795f1e8db7d895d0e364dd4768ebc6410
SHA256: 904f69a4bed3844273cce1676e8920794815af4c1527e560bbc1bc44b5b8457a
SHA512: 0d37b91123abb1ded40ae7604980dffa675dcacc1bf772b06e36a2e4c72488558511dd3f8df0fc47d9a6cc870eaef4a9e54a55b20a4432b5802cdeeba327470a
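Before treating a file you hold as this sample, recompute the same four digests and compare them with the values above; a hash copied from a blocklist or a chat message is easy to truncate or mistype. The script below is an added example and is not part of the sandbox report. The values in REPORT_HASHES are copied from the report; the function names and the command-line usage are the editor's own.

```python
# Added example (not part of the sandbox report): confirm that a local file is the
# sample this report describes by computing all four listed digests and comparing.
import hashlib

# Digests copied verbatim from the report's General section.
REPORT_HASHES = {
    "md5": "fba1fd894b9201a11e866ba58c80ae61",
    "sha1": "89236d9795f1e8db7d895d0e364dd4768ebc6410",
    "sha256": "904f69a4bed3844273cce1676e8920794815af4c1527e560bbc1bc44b5b8457a",
    "sha512": "0d37b91123abb1ded40ae7604980dffa675dcacc1bf772b06e36a2e4c72488558511dd3f8df0fc47d9a6cc870eaef4a9e54a55b20a4432b5802cdeeba327470a",
}


def digests_of(data: bytes) -> dict:
    """Lowercase hex digests of `data` for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def match_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison against `expected` (defaults to the report's values).

    Comparing each algorithm separately shows *which* value disagrees: a file that
    matches MD5 but not SHA256 is a copy error or a collision, not the same sample.
    """
    actual = digests_of(data)
    return {alg: actual[alg] == expected[alg].lower() for alg in expected}


def is_reported_sample(path: str, expected: dict = REPORT_HASHES) -> bool:
    """True only when every listed digest of the file at `path` matches."""
    with open(path, "rb") as fh:
        data = fh.read()  # the sample is 1MB; reading it whole is fine
    return all(match_report(data, expected).values())


if __name__ == "__main__":
    import sys

    for p in sys.argv[1:]:
        verdict = match_report(open(p, "rb").read())
        status = "matches report" if all(verdict.values()) else f"does NOT match: {verdict}"
        print(f"{p}: {status}")
```

Run it as `python check_sample.py <file>` (the file name is the editor's choice). All four algorithms must agree before you treat the file as this sample; a partial match is a reason to re-copy the hash, not to proceed.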

Malware Config

Targets

Target: OfficeConsultPlugin.exe (1MB, score 7/10; MD5, SHA1, SHA256 and SHA512 are the same values listed under General)

Signatures

  • Loads dropped DLL

    Description

    Not given in the report. The signature name denotes loading a DLL that the sample itself wrote to disk during the run.

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query Registry (T1012), Peripheral Device Discovery (T1120), System Information Discovery (T1082)

  • Suspicious use of SetThreadContext

    Description

    Not given in the report. SetThreadContext on a thread of another process is the call used by process hollowing and thread hijacking to redirect execution; the report does not say which process was targeted.
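The three signature names above are shorthand for patterns in the sample's hooked API calls. The following is an added example, not the sandbox's own signature code: a toy re-implementation of each signature run over a constructed API-call trace, so that the reader can see concretely what each name asserts about the sample's behaviour. The trace, PIDs, paths and API argument names are invented for illustration and are not taken from the report's behavioral tasks.

```python
# Added example, not the sandbox's own signature code: toy versions of the three
# signatures in this report, evaluated over a constructed API-call trace.
import re
from dataclasses import dataclass, field


@dataclass
class ApiCall:
    pid: int                                   # process that made the call
    api: str                                   # Win32 API name as a hooking sandbox logs it
    args: dict = field(default_factory=dict)   # only the arguments relevant here


# Constructed trace for illustration (assumption: PIDs, paths and ordering are
# invented and do not come from the report's behavioral tasks).
TRACE = [
    ApiCall(1000, "CreateFileW", {"path": "C:\\Users\\Public\\helper.dll", "access": "GENERIC_WRITE"}),
    ApiCall(1000, "WriteFile", {"path": "C:\\Users\\Public\\helper.dll", "size": 51200}),
    ApiCall(1000, "LoadLibraryW", {"path": "C:\\Users\\Public\\helper.dll"}),
    ApiCall(1000, "GetDriveTypeW", {"path": "C:\\"}),
    ApiCall(1000, "GetDriveTypeW", {"path": "D:\\"}),
    ApiCall(1000, "FindFirstFileW", {"path": "E:\\*"}),
    ApiCall(1000, "CreateProcessW", {"image": "C:\\Windows\\System32\\svchost.exe",
                                     "flags": "CREATE_SUSPENDED", "child_pid": 1234}),
    ApiCall(1000, "SetThreadContext", {"target_pid": 1234}),   # redirects the suspended child
    ApiCall(1000, "ResumeThread", {"target_pid": 1234}),
    ApiCall(1000, "SetThreadContext", {"target_pid": 1000}),   # own process: not flagged
]

_DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\\*?$")   # "D:\" or "D:\*" and nothing more


def loads_dropped_dll(trace):
    """'Loads dropped DLL': a .dll the sample wrote during the run is later loaded."""
    written, hits = set(), []
    for c in trace:
        path = c.args.get("path", "")
        wrote = c.api == "WriteFile" or (
            c.api == "CreateFileW" and "GENERIC_WRITE" in c.args.get("access", ""))
        if wrote and path.lower().endswith(".dll"):
            written.add(path.lower())
        elif c.api.startswith("LoadLibrary") and path.lower() in written:
            hits.append(path)
    return hits


def enumerates_other_drives(trace):
    """'Enumerates connected drives': any call whose path is a drive root other than C:."""
    roots = set()
    for c in trace:
        m = _DRIVE_ROOT.match(c.args.get("path", ""))
        if m and m.group(1).upper() != "C":
            roots.add(m.group(1).upper() + ":")
    return sorted(roots)


def suspicious_set_thread_context(trace):
    """'Suspicious use of SetThreadContext': the call targets a thread in another
    process. Whether that process was created suspended is recorded too, since a
    suspended child plus SetThreadContext plus ResumeThread is the hollowing shape."""
    suspended = {c.args["child_pid"] for c in trace
                 if c.api == "CreateProcessW" and "CREATE_SUSPENDED" in c.args.get("flags", "")}
    hits = []
    for c in trace:
        target = c.args.get("target_pid")
        if c.api == "SetThreadContext" and target is not None and target != c.pid:
            hits.append({"target_pid": target, "created_suspended": target in suspended})
    return hits


def run_signatures(trace):
    """Evaluate all three signatures; an empty result means the signature did not fire."""
    return {
        "Loads dropped DLL": loads_dropped_dll(trace),
        "Enumerates connected drives": enumerates_other_drives(trace),
        "Suspicious use of SetThreadContext": suspicious_set_thread_context(trace),
    }


if __name__ == "__main__":
    for name, result in run_signatures(TRACE).items():
        print(f"{name}: {result if result else 'not triggered'}")
```

The self-targeted SetThreadContext call at the end of the trace is deliberately left unflagged: the signature is about redirecting a thread in another process. A real sandbox sees far more than these fields (handles, thread IDs, the bytes written before the context switch), which is why the report's 7/10 rests on several behaviours together rather than on any one of these calls.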

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. Only the column headings survived extraction; the three TTPs listed under Signatures all belong to the Discovery tactic, which is not among these headings.

Tasks

static1: 1/10
behavioral1: 7/10
behavioral2: 7/10