General

  • Target

    b2c24c74e6704bcedc6df7b2078e0f7d812491cab5bcb369a40b3da62c5002f0

  • Size

    53KB

  • Sample

    221125-x4e4yshg72

  • MD5

    7718601cd5ffbce4434206344c61026a

  • SHA1

    48fe0a2708416fd37c174f2836dedb70e660f9ff

  • SHA256

    b2c24c74e6704bcedc6df7b2078e0f7d812491cab5bcb369a40b3da62c5002f0

  • SHA512

    a193247876ba11b24ffad4f991d9313c79499b2cbcdf40bf5de2d8ab166534fd6d8d7d17066adfc82bf0dbd0bf046d8c77e2f8948ed34a3627db7aae8fde5315

  • SSDEEP

    1536:FmpYoqHD7uHwPBW28oYYfia3gsJy+nw99JvmDCIDef0:kVSyQJWDoLqa3ry+gMdD+0

Score
10/10

Malware Config

Targets

    • Target

      《贵州省农村信用社诉讼代理管理(暂行)办法》(征求意见稿).doc

    • Size

      85KB

    • MD5

      f51364aa94ae2d01d8e4c7904ed65fa1

    • SHA1

      24ea243201b923774498652839a5c1aa7448b9d4

    • SHA256

      9b2db3b1004f0848ab99e899d55186352d8b74c67c8455cafcafce2b3017e332

    • SHA512

      8da7583025d9d6941e91ca3276a02b58b5082efdf0ce3841b9996006d004260dff891df8035ca2c2835499a76800589b3ab35635a89b5c47e3120610e06f34bd

    • SSDEEP

      768:q9ux9EGPlTcWdtkN65A9TI/Yq0U9QgcrZwcgDe+kZsQNbK5Z:qW9EGzkruYjU9QgcNwcH+kZs8

    Score
    4/10

    • Target

      关于征求《贵州农村信用社诉讼代理管理(暂行)办法》意见的通知.doc

    • Size

      20KB

    • MD5

      6590c677d3878e8d59971fef22ada318

    • SHA1

      6bee73835e296cb21ccfd1c055e8802fbbcf367a

    • SHA256

      a61f6316e55c9d505ce7454c8f2527a4e2f42754ee4b4c81580bedd29dbfcb8d

    • SHA512

      fcd6559ae075e47fec1902c2cdfe9709c1f3cdb443069260847eaa2d9b9b9722438ec9a1f047cb9932ed24b385527d7af5f3aa4c2ef91c6a568a728841ea9f4b

    • SSDEEP

      96:O5pYOtmgsSqr25eyZLWdugj/O5W/riGypw/CJ1mz:O2S55v69biKipL

    Score
    4/10

    • Target

      附件3.贵州省农村信用社诉讼代理情况统计表.xls

    • Size

      94KB

    • MD5

      dc6edac97e74436f15c7a99d2e33ff72

    • SHA1

      6f3e881eb6f5657baf8c4666fa4db1f1302759fd

    • SHA256

      77e8d430646fee3f512edaf76bb2e2d0762a11595af1b87b6ede82eae8cba227

    • SHA512

      0e12835ae000ae19db1a29cc3991c2b4e84ecee491aed6f7072bf37e65ab859a60313ad625910ce6f0c877f97ea302ed38e762fe58c4ffc74b26b557b5e74bd4

    • SSDEEP

      1536:r999X9UgoRGx5/I9RizChe8EmXZ95WfRVQs2jcc0lbxOvTgZEM88kcJtXwd2u:ya2jcc0lbxOrwjnJtXwAu

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      Count  ID
  Persistence       Hidden Files and Directories   1      T1158
  Defense Evasion   Modify Registry                3      T1112
  Defense Evasion   Hidden Files and Directories   1      T1158
  Discovery         Query Registry                 6      T1012
  Discovery         System Information Discovery   6      T1082

Tasks