General

  • Target

    519e42f855be287c5e3a84e07db8a58d86398462abe07817337204cddbabd8b4

  • Size

    221KB

  • Sample

    221125-kedhlsdg45

  • MD5

    4f165ae148b9283e91bcf3d3a9bf0a44

  • SHA1

    5cc54269d6e819ee7b02f1e7a95bd30891ca9359

  • SHA256

    519e42f855be287c5e3a84e07db8a58d86398462abe07817337204cddbabd8b4

  • SHA512

    210571b7dbaf43057c67e920cafffb89de11fa3c23ad87bd8fb964faf1f69477f977688ab96b6a39b27ccfceca40e6f6f30fd76c535a9b9f348103df0dfc4334

  • SSDEEP

    6144:kpFpzXNgICyVzU8Ib3GX2BunTUrQK17EA+9:AF8Ib9FIb2X2BKwz5+9

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper  http://bayboratek.com/28032019yedek/fd_2/
    exe.dropper  http://client.ideatech.pk/wp-content/3_d/
    exe.dropper  http://fabric-ville.net/2017/y_J/
    exe.dropper  http://hadiyaacoub.com/wp-content/uploads/2019/Mj_W/
    exe.dropper  http://himatika.mipa.uns.ac.id/wp-content/By_2/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112) — 1

  • Discovery

    Query Registry (T1012) — 2
    System Information Discovery (T1082) — 2

Tasks