General

  • Target

    DAG3HZMYGXISZJ.docm.zip

  • Size

    129KB

  • Sample

    211117-g5za8aeear

  • MD5

    8acf79bc098f4360bbba2ab3ee0fa5f9

  • SHA1

    fd53560e467ebadf0d78377602713a355eeb7f82

  • SHA256

    8ae2b2038fbe66e886ad82c63d17b00b380bbd1d4bdaebb6fd1c0b77c6605e2a

  • SHA512

    aab5ba939a555c6132ee2220f2e9d905bd013e7f4d038b8a9d29f0bab6fe13240249faefcc4f115277d0b3338b3b634d35ebb2cc91e1c093a91eefc8b197efa8

Score
10/10

Malware Config

  Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    Type         URL
    exe.dropper  https://evgeniys.ru/sap-logs/D6/
    exe.dropper  http://crownadvertising.ca/wp-includes/OxiAACCoic/
    exe.dropper  https://cars-taxonomy.mywebartist.eu/-/BPCahsAFjwF/
    exe.dropper  http://immoinvest.com.br/blog_old/wp-admin/luoT/
    exe.dropper  https://yoho.love/wp-content/e4laFBDXIvYT6O/
    exe.dropper  https://www.168801.xyz/wp-content/6J3CV4meLxvZP/
    exe.dropper  https://www.pasionportufuturo.pe/wp-content/XUBS/

Targets

    • Target

      DAG3HZMYGXISZJ.docm

    • Size

      140KB

    • MD5

      391dca4cf91ae12aa1b5ac9d0ac3ec41

    • SHA1

      47cfcf587d838f68a8f8df53ea3afae475436992

    • SHA256

      06012c700c1dac4c122303e920fdf1c71c41e681673c241c9698e5766df275a8

    • SHA512

      de299156048c8cb81fe9a5e839442347d118b9de47b353500647a73d4b97f010dcef6d6eb3c7ee9b04874010efd0b9f3b8790f8f9013a47271528eaed1be0c41

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    T1112  Modify Registry  (1)

  • Discovery

    T1012  Query Registry  (2)
    T1082  System Information Discovery  (2)

Tasks