Overview

overview

10

Static

static

10

OFFER LETTER.docx

windows7_x64

7

OFFER LETTER.docx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OFFER LETTER.docx

  • Size

    10KB

  • Sample

    210528-xv1rpk8ywa

  • MD5

    94acea4fc503e1262d8c08c7122531c7

  • SHA1

    dbd4b7c4b7bb18568881cfbea8d214c8b9b720e8

  • SHA256

    9e3b9c53eb36e3ed1630f87b369e72c4b03a28802922924a153245b1a5152663

  • SHA512

    d4a64286f17acfd63d70958bc3b682db29720b9bf5c1e355e5e10de3e3354995c850fe038d93a732d7d0ebe6123afa6acf23333660c142210f54c2f8558517b9

Score
10/10
websettings

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

https://cutt.ly/2ntJmOt

Targets

    • Target

      OFFER LETTER.docx

    • Size

      10KB

    • MD5

      94acea4fc503e1262d8c08c7122531c7

    • SHA1

      dbd4b7c4b7bb18568881cfbea8d214c8b9b720e8

    • SHA256

      9e3b9c53eb36e3ed1630f87b369e72c4b03a28802922924a153245b1a5152663

    • SHA512

      d4a64286f17acfd63d70958bc3b682db29720b9bf5c1e355e5e10de3e3354995c850fe038d93a732d7d0ebe6123afa6acf23333660c142210f54c2f8558517b9

    Score
    7/10

    • Abuses OpenXML format to download file from external location

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks