Resubmissions

21-06-2021 06:21

210621-4v8rgf3hkn 10

21-06-2021 06:18

210621-6nfxrqj3aj 10

General

  • Target

    New Order- Request for Proforma Invoice.docx

  • Size

    10KB

  • Sample

    210621-4v8rgf3hkn

  • MD5

    bdbe43fde60af6dcb046c93626052c0a

  • SHA1

    6b22c4939e1621f14b2ba46fd9f6e06e87455115

  • SHA256

    a7dd50ba3d590cc74efad367ea8bb4a478f3206671f224de0a04422b2ced200e

  • SHA512

    8623d1f3ce21e622da3eed0ba9ddb156abb7df1df8897e19ebb1f35ba2500713927213d2b0e998ca0cd463e528662c74fbdd950f6146b3a40879f0569da80c9e

Score
10/10

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

https://system32dummy_username@0306.0014.0133.0240/-................-.....................................................--.-.-/............................................................wiz

Targets

    • Target

      New Order- Request for Proforma Invoice.docx

    • Size

      10KB

    • MD5

      bdbe43fde60af6dcb046c93626052c0a

    • SHA1

      6b22c4939e1621f14b2ba46fd9f6e06e87455115

    • SHA256

      a7dd50ba3d590cc74efad367ea8bb4a478f3206671f224de0a04422b2ced200e

    • SHA512

      8623d1f3ce21e622da3eed0ba9ddb156abb7df1df8897e19ebb1f35ba2500713927213d2b0e998ca0cd463e528662c74fbdd950f6146b3a40879f0569da80c9e

    Score
    7/10
    • Abuses OpenXML format to download file from external location

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks