AuditApr2021.xlsx

General
Target

AuditApr2021.xlsx

Size

457KB

Sample

210722-fxcdejdfm6

Score
10/10
MD5

583ad904b51ce0851f9f2cb056a9a2e3

SHA1

daa33b986624b2156b336392c4d5cc1ddd184e56

SHA256

95654525c7022015e1177ff2e8eba84837f6808b6568bccd87af3e55a3c1f481

SHA512

ec96716efc1fe8662df5d9f0defa0f9d831a794d96bf8b5ad6c663395dd97c4127dbb4c1e8f73185a001722ef7861bedefda598df91739fd0a43ee05940d8f9c

Signatures

  • Cobaltstrike

    Description

    Detected malicious payload which is part of Cobaltstrike.

  • Suspicious use of NtCreateUserProcessOtherParentProcess

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

9/10

behavioral1

10/10

behavioral2

3/10