f6356c5334bb4c962bf47d203ddd6c222a17eee5dda3a9d466273f57c9883a5c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

payment confirmation CFY 19092211.xlsx
Size

2.7MB
Sample

220928-ha7jsagcfm
MD5

6bf8f67b71837360fa764886b55f2ca0
SHA1

432e670f3e8ed4e6e5fe25ac282b31c2e9b3763e
SHA256

f6356c5334bb4c962bf47d203ddd6c222a17eee5dda3a9d466273f57c9883a5c
SHA512

ad6dfe4dc97e084904b9633feae5116c9270fdd4f649d03b81f3509b532d9331d1a4403eda955e3bc69f591c8c8ad98eba80bf063ba634365fa17b109f27fcd9
SSDEEP

49152:gSEb7FapTNHtyKdCcBFD7iMnmnfdCP3CGq78raHBxSWUxEDj1YYY:gTSNyKmMnmw3CGqbvf/DiYY

Score

8^/10

Malware Config

Targets

- Target
  
  payment confirmation CFY 19092211.xlsx
- Size
  
  2.7MB
- MD5
  
  6bf8f67b71837360fa764886b55f2ca0
- SHA1
  
  432e670f3e8ed4e6e5fe25ac282b31c2e9b3763e
- SHA256
  
  f6356c5334bb4c962bf47d203ddd6c222a17eee5dda3a9d466273f57c9883a5c
- SHA512
  
  ad6dfe4dc97e084904b9633feae5116c9270fdd4f649d03b81f3509b532d9331d1a4403eda955e3bc69f591c8c8ad98eba80bf063ba634365fa17b109f27fcd9
- SSDEEP
  
  49152:gSEb7FapTNHtyKdCcBFD7iMnmnfdCP3CGq78raHBxSWUxEDj1YYY:gTSNyKmMnmw3CGqbvf/DiYY
Score

8^/10
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2