Overview

overview

10

Static

static

8

Reciept 4846765.xlsb

windows7_x64

10

Reciept 4846765.xlsb

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Reciept 4846765.xlsb

  • Size

    134KB

  • Sample

    210702-cn5wqk129n

  • MD5

    cdb6138ff4ea7542bc16b7ed16dad315

  • SHA1

    de8aa97c4bc6ae869f8609cb55b841e34b9e3a19

  • SHA256

    4f096a8c2bfe78d9ed6d36423e9412efd7676717c98185f7244387279a608cbe

  • SHA512

    a1a5460fa20e368970ebb39e7a9b1c3d55d4baf583cc938af0cacb62fb523e72b47f48340bc2fbbf9fb293d0f9217aac360d6d652cf86ab02fc4cf1ac44aa71b

Score
10/10
cobaltstrikebackdoorcryptonemacropackertrojan

Malware Config

Targets

    • Target

      Reciept 4846765.xlsb

    • Size

      134KB

    • MD5

      cdb6138ff4ea7542bc16b7ed16dad315

    • SHA1

      de8aa97c4bc6ae869f8609cb55b841e34b9e3a19

    • SHA256

      4f096a8c2bfe78d9ed6d36423e9412efd7676717c98185f7244387279a608cbe

    • SHA512

      a1a5460fa20e368970ebb39e7a9b1c3d55d4baf583cc938af0cacb62fb523e72b47f48340bc2fbbf9fb293d0f9217aac360d6d652cf86ab02fc4cf1ac44aa71b

    Score
    10/10
    cobaltstrikebackdoorcryptonepackertrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

      cryptonepacker

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks