General

  • Target

    a9764759ec720c17f2c01cc2460a85845a954e359da923c9530906cfad2d5557

  • Size

    118KB

  • Sample

    220521-egf4mahcg4

  • MD5

    0739e4e9f3fb65529c39df41b4a8c878

  • SHA1

    ecfaad173d03244894037e630aa5316ca82be45b

  • SHA256

    a9764759ec720c17f2c01cc2460a85845a954e359da923c9530906cfad2d5557

  • SHA512

    ff189774f622450abc423c71cc153ce83539166a87c52008fa4ec62b35ae719c08c4b38a10b0a3d619b4d57f470bcb76990c3bed2f88565e663d78e2a8a6e44c

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://www.agentstepp.com/ww12/6ZI/
    http://badaia.net/baiaseu/m4G4chJ/
    http://www.bambagiotti.it/shop/ymwU6/
    http://bbcalegal.com/attachments/AAyd/
    http://mezes.de/title_htm_files/Mb/
    http://computerfastfix.co.uk/css/DXj/
    http://sacentrs.lv/wp-content/uploads/2018/Cc/

Targets

    • Target

      sample

    • Size

      250KB

    • MD5

      55154bb0488d20fc010ce89b6aa9e431

    • SHA1

      cba37a7e0a011b3ffc10e98cba7e31cd6d48e926

    • SHA256

      e43cc464b6b4836872f6b9646769623cffe18363b47c7cb143c7d2386fb7939b

    • SHA512

      a2d008273b8a06b89a0e69eb5273ac36064ed515d1638984fea409f14dfb6c909976e53308b29857e4ae2a29004dc3f0bd4a1b15876384b0b50862212e4cc7d7

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks