Overview

overview

10

Static

static

8

fxtidglj.doc

windows7_x64

10

fxtidglj.doc

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fxtidglj

  • Size

    195KB

  • Sample

    220522-f4qr1sbban

  • MD5

    2ff53c10a0d9f280aaa172284df6bed0

  • SHA1

    3cd3a1a3c266acd3e139ad0e9afc623061b0c0dd

  • SHA256

    33bab5da95407fde0ab439aa5942622a7e1286cb5ad74d4e55689fa5c59f8559

  • SHA512

    17b0283e2bafb97dbaa5934cfc2620d56eb8f0c6acb0f24b709c904295d8783e84db55273281322a55889f79b14cd0a579d095f8037f29eeced2766609011dfd

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://vstbar.com/wp-admin/Hs/
exe.dropper

http://binarywebtechsolutions.com/mobile-website-designing-company-in-gurgaon/CLZ/
exe.dropper

http://shahqutubuddin.org/U/
exe.dropper

http://cybersign-001-site5.gtempurl.com/2xwzq/bve/
exe.dropper

https://star-speed.vip/wp-admin/Ttv/
exe.dropper

https://treneg.com.br/rfvmbh/a/
exe.dropper

https://cimsjr.com/hospital/x2f/

Targets

    • Target

      fxtidglj

    • Size

      195KB

    • MD5

      2ff53c10a0d9f280aaa172284df6bed0

    • SHA1

      3cd3a1a3c266acd3e139ad0e9afc623061b0c0dd

    • SHA256

      33bab5da95407fde0ab439aa5942622a7e1286cb5ad74d4e55689fa5c59f8559

    • SHA512

      17b0283e2bafb97dbaa5934cfc2620d56eb8f0c6acb0f24b709c904295d8783e84db55273281322a55889f79b14cd0a579d095f8037f29eeced2766609011dfd

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks