General

  • Target

    Comprovante.ppam

  • Size

    22KB

  • Sample

    211222-frz5xsfaa7

  • MD5

    56fc85bd91e505a96fe56c0881a98d3e

  • SHA1

    8c99de3829f6c5a82d0dd96b55b5ae86b5860f8e

  • SHA256

    62540ba573e873b816d3d956132804254a23207e6bfc9f7a371a68f5aa8090ce

  • SHA512

    51634d291fbc74b5ff6242659f6d2202698c95bc74d4065772db6c69d5031dfa561ceb95d11074e0f3b2030abcb986ce80864bdab1b57341cf0c1d106ed7a7cb

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Blocklisted process makes network request

    • Drops startup file

    • Suspicious use of SetThreadContext
