Overview

overview

10

Static

static

8

flujakpb.doc

windows7_x64

10

flujakpb.doc

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    flujakpb

  • Size

    173KB

  • Sample

    220522-f4gt4sbahl

  • MD5

    9dc6c15bd5cadbea76473ca0a61270d0

  • SHA1

    a1e18ac08b98c88a49da1b8afa527468a102fd0d

  • SHA256

    56916942bc59a1ae0cc030beaf907b54631390e0a5fa7d75bce1f120df88d843

  • SHA512

    ef06ec05fa2463a2f32defb87d796ff0fb88d3d9c8f2169b19683b6620e4e18dab86b69ae8649d59d2cc280293ec1f070443e9d69ad7018b20fee14a789f05a4

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://prolicitar.com.br/privilege/VwWMjYDU/
exe.dropper

http://proreclame.nl/assets/Riw/
exe.dropper

http://www.meltonian.net/Blog/Zaviixl730/
exe.dropper

http://www.mollymoody.com/iRVKRMq/
exe.dropper

https://mwrouse.com/cs2300/qVJaPCy/

Targets

    • Target

      flujakpb

    • Size

      173KB

    • MD5

      9dc6c15bd5cadbea76473ca0a61270d0

    • SHA1

      a1e18ac08b98c88a49da1b8afa527468a102fd0d

    • SHA256

      56916942bc59a1ae0cc030beaf907b54631390e0a5fa7d75bce1f120df88d843

    • SHA512

      ef06ec05fa2463a2f32defb87d796ff0fb88d3d9c8f2169b19683b6620e4e18dab86b69ae8649d59d2cc280293ec1f070443e9d69ad7018b20fee14a789f05a4

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks