General

  • Target

    rheinmetall_job_requirements.doc

  • Size

    1.4MB

  • Sample

    210505-sbl9r7g4ba

  • MD5

    f86fb4a63cdff302af2ccf2b2663d757

  • SHA1

    3d57c7680f3f9351164f75a7d477a815e39b0389

  • SHA256

    ffec6e6d4e314f64f5d31c62024252abde7f77acdd63991cb16923ff17828885

  • SHA512

    ca6ae1fb6c50e1915e320e7dd6a663bb4fbd0f537a5ab6d3135e07ea69e57e5a9113703378c7b72c9598cb8aea8750a5d35e1d03a097ceb25cc486cf29f80cf4

Score
10/10

Targets

    • Target

      rheinmetall_job_requirements.doc

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL
