Overview

overview

10

Static

static

10

Euro_payment.docx

windows7_x64

7

Euro_payment.docx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Euro_payment.docx

  • Size

    10KB

  • Sample

    210615-tlefs3kvsx

  • MD5

    a51879d47f2c71bebb7dcd68a1270d4b

  • SHA1

    e510847f02658b17dd5ecb6df72272bfda5ac27e

  • SHA256

    d322710c410cb2294867c4bc709a6b8e419369ba3f956cb2fbc792db1cd5921a

  • SHA512

    98d36d0dcbabc0d943e2bf3e430c0b97155ab40cf5705d35833da7cde16f2c29121dc1eb2d9de083e3aa29cba52910a9f1d8425effc64ec1aeaa944029bc996c

Score
10/10
websettings

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

https://csodamalom.hu/system/image/s.wbk

Targets

    • Target

      Euro_payment.docx

    • Size

      10KB

    • MD5

      a51879d47f2c71bebb7dcd68a1270d4b

    • SHA1

      e510847f02658b17dd5ecb6df72272bfda5ac27e

    • SHA256

      d322710c410cb2294867c4bc709a6b8e419369ba3f956cb2fbc792db1cd5921a

    • SHA512

      98d36d0dcbabc0d943e2bf3e430c0b97155ab40cf5705d35833da7cde16f2c29121dc1eb2d9de083e3aa29cba52910a9f1d8425effc64ec1aeaa944029bc996c

    Score
    7/10

    • Abuses OpenXML format to download file from external location

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks