Overview

overview

10

Static

static

10

Nbnb_Sub2(1).docx

windows7_x64

7

Nbnb_Sub2(1).docx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Nbnb_Sub2(1).docx

  • Size

    10KB

  • Sample

    210520-5prb4j2y36

  • MD5

    0a2953633c663e2cbbf18c656599adf1

  • SHA1

    407913f4ce3b3ed77a58cfba497500fee14f8d1e

  • SHA256

    870881a86f87a49698cdb0f1146e755c875e3f7379ee0378d02e872c7de8f8f5

  • SHA512

    d8b3dbbc16f14fb9de1d6a7486dc5e8de3353a7fec21b3ec08d8368bc9c9eb6eb176271cbeba2f421c9d4f5d5df943eeeb4152af3268791eb96534367043bcc4

Score
10/10
websettings

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

https://rotf.lol/3u6d9443

Targets

    • Target

      Nbnb_Sub2(1).docx

    • Size

      10KB

    • MD5

      0a2953633c663e2cbbf18c656599adf1

    • SHA1

      407913f4ce3b3ed77a58cfba497500fee14f8d1e

    • SHA256

      870881a86f87a49698cdb0f1146e755c875e3f7379ee0378d02e872c7de8f8f5

    • SHA512

      d8b3dbbc16f14fb9de1d6a7486dc5e8de3353a7fec21b3ec08d8368bc9c9eb6eb176271cbeba2f421c9d4f5d5df943eeeb4152af3268791eb96534367043bcc4

    Score
    7/10

    • Abuses OpenXML format to download file from external location

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks