Overview

overview

10

Static

static

8

RFP_Allian...22.doc

windows7_x64

10

RFP_Allian...22.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFP_AllianxMexico_2022.doc

  • Size

    3.2MB

  • Sample

    220124-2g79fabebj

  • MD5

    b371e1c2ca2e5718e151760bc4664366

  • SHA1

    73457d23e5235df0fcfbf6547aaf26cccc765011

  • SHA256

    3542078fd524e3cb141d5bebf96aea73467505a07ae72fc58395afa14f22e8a3

  • SHA512

    b6d4ae4f09c8bb660d46dba8cce9a28a811af28f9364e38dc58da85bff011bf6ac21130a790a96ed9f015f27a916f6d8090a1712bb3f6192412f38381a7f4486

Score
10/10
cobaltstrikebackdoormacromacro_on_actiontrojan

Malware Config

Targets

    • Target

      RFP_AllianxMexico_2022.doc

    • Size

      3.2MB

    • MD5

      b371e1c2ca2e5718e151760bc4664366

    • SHA1

      73457d23e5235df0fcfbf6547aaf26cccc765011

    • SHA256

      3542078fd524e3cb141d5bebf96aea73467505a07ae72fc58395afa14f22e8a3

    • SHA512

      b6d4ae4f09c8bb660d46dba8cce9a28a811af28f9364e38dc58da85bff011bf6ac21130a790a96ed9f015f27a916f6d8090a1712bb3f6192412f38381a7f4486

    Score
    10/10
    cobaltstrikebackdoortrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks