01798d2ac47e6411220221f2b608f2f5d122efa1439ff0d3c2dcbc5925ae639c

General

Target

01798d2ac47e6411220221f2b608f2f5d122efa1439ff0d3c2dcbc5925ae639c
Size

230KB
Sample

220523-ydrkqsddg8
MD5

4b760e040b90ee17842dde9a176fb47b
SHA1

67357d6bd4265aed6413e82adfa56ae8d1de6c7f
SHA256

01798d2ac47e6411220221f2b608f2f5d122efa1439ff0d3c2dcbc5925ae639c
SHA512

bf8dba2edcf7616bf86252884e08c489d674611210df7becaba5bac55a8a1f967ac059f19864b435c0917f6f76d313cf3e963da5b1de918b766484ff07e572fe

Score

10^/10

macro macro_on_action

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://workcompoptions.com/yZ3Z/

exe.dropper

http://www.bonzi.top/9kD3h9R/

exe.dropper

http://www.pccabogados.com.ar/bS2F/

exe.dropper

https://kinoko.pw/UPS-Service-Invoices-June-020N/rgqNI/

exe.dropper

http://elixirperu.com/fmu7p/

Targets

- Target
  
  01798d2ac47e6411220221f2b608f2f5d122efa1439ff0d3c2dcbc5925ae639c
- Size
  
  230KB
- MD5
  
  4b760e040b90ee17842dde9a176fb47b
- SHA1
  
  67357d6bd4265aed6413e82adfa56ae8d1de6c7f
- SHA256
  
  01798d2ac47e6411220221f2b608f2f5d122efa1439ff0d3c2dcbc5925ae639c
- SHA512
  
  bf8dba2edcf7616bf86252884e08c489d674611210df7becaba5bac55a8a1f967ac059f19864b435c0917f6f76d313cf3e963da5b1de918b766484ff07e572fe
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2