Resubmissions

  • 15-04-2021 14:52   210415-yq44wm2vx6   8

  • 15-04-2021 14:46   210415-pceqx9e4ts   8

General

  • Target: PO_723_057_35.xls

  • Size: 342KB

  • Sample: 210415-yq44wm2vx6

  • MD5: f264b8c58febaa3f3eea9a8c83c78cbf

  • SHA1: 36010881f4c3e15878bb3d5e76bc443d82827ebe

  • SHA256: db66b26d04c77e03bbf22957af34ba2b5817c397036ab8d4b7c222ec1b1ff40e

  • SHA512: a60be6e617f2704c3dfdc7bcc06e2426f5c52e56da447c92c94e1ce3d118c27b0ef180845557abf3c1d6a63de4f85b93c11eac06bb7bc51c17934406c797f912

Malware Config

Targets

    • Target: PO_723_057_35.xls

    Score: 8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112)   1

  • Discovery: Query Registry (T1012)   2

  • Discovery: System Information Discovery (T1082)   2
