General

  • Target

    fduomqnc

  • Size

    216KB

  • Sample

    220522-f3zcrsbafk

  • MD5

    80f78062c11932ae00aa14f7a96a12a9

  • SHA1

    d953f5005efbd1be81c3c0a119428f098fb197fe

  • SHA256

    1c0e6f262dbb5daaeb5d55f21b3dcaf2eb946ddc39b326e4a7e7c1399e314c68

  • SHA512

    b762249a76643ce0c3b04c219b9034d5e285f0bcc90c0ff90c1e43bead26faa0a8078482760b33d2e72aec202d8428525a884c8bd0bb90f307967481059312f6

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs (exe.dropper)

Targets

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2