4f86706094fda2128d60a6021e2f4f0268793c1d2deeb9f23e608b06b0e9179f

Sharing

Copy URL

Twitter E-mail

General

Target

4f86706094fda2128d60a6021e2f4f0268793c1d2deeb9f23e608b06b0e9179f
Size

2.0MB
Sample

221125-x5mkesch8y
MD5

894c5e281ad49418bec6b61fdab4bfe0
SHA1

832b6a89231f3d9876b6ea1a848e24952f9f0962
SHA256

4f86706094fda2128d60a6021e2f4f0268793c1d2deeb9f23e608b06b0e9179f
SHA512

770982151cbf4ef6afc7a66d277ad12b4504029d3a7af4c4460c318b55cf3d30e8b8a209d04869e4ce35876fb9a9c4978c388759fbe0af9119557cfbd45f32f3
SSDEEP

49152:VneQqV6H4N7U6E+SiXGRz+NFlAf9DdWS/qORhUXgJLNef4:VefWsrENqi+NS/WS/3RhegJLNeQ

Score

10^/10

macro xlm

Malware Config

Targets

- Target
  
  Ҵֱ20%ϵ/K4ĿɱĶԱȼָ꣨һΣ4.17.xlsx
- Size
  
  20KB
- MD5
  
  533f04dc35371b3561b7e4d10fc22ed1
- SHA1
  
  b6a4b9f0f642c36a3e88806d19150d299b0cc27b
- SHA256
  
  0038abade2b805ab94689752e8ae15cf99dcc9aba5acdf74c77502a89bcee2bd
- SHA512
  
  74eb3fd57191571ed843db53565c82db7b4412e0745f59ad1c6dc6f4542fbe3b1268ffcd13d8b57ae4f461aa2bf09162b861ef0acc22ea6772521f6f50346000
- SSDEEP
  
  384:x5TxQRP5fyHzgnEUUzRoyeQGJVJUDMEtdmiGe98U5vnbXozP:LTaRPgHz3ddoyRGZUDjtdJKgvnboT
Score

1^/10
behavioral1 behavioral2
- Target
  
  Ҵֱ20%ϵ/K4һθ¥һ-20140331.xlsx
- Size
  
  14KB
- MD5
  
  7a9337c31801829801a391b601e1edda
- SHA1
  
  fec5b53213460af278a7216435490a2e88a516c2
- SHA256
  
  4bc7ba480cf0d23b8b198773a7fe71bbfddf2fc453c1f98ee175e10e9268d64a
- SHA512
  
  bc29ba9d204cdef049a3c7ad8b07e7239bf90d581aadc367c3076e0ef14f9eeaad9bf8b582d73baef55164fc6a9bd706774177efec2987b8b6edfb523a2635d7
- SSDEEP
  
  192:8kuQY0yHzgnazzSn6cDT2M63ZoH2USGMHJkeulNOiwuAQfmsiJlBACuXcaN/:z7yHzgnEzSn6cDTjtMHJzdiwHQufwcG/
Score

1^/10
behavioral3 behavioral4
- Target
  
  Ҵֱ20%ϵ//K4ܶտϣһΣ9.10.xls
- Size
  
  3.8MB
- MD5
  
  5034b373deecdf5033842f862fe84017
- SHA1
  
  1d6c5eca4e7c46c088469fb2467c156d1d4f01aa
- SHA256
  
  7e28d57e91aa0641833ae349b3fe7f7744b7e9b44f9c4b4d07b4beb6efad15e0
- SHA512
  
  b850379d21ec58b70e4a5d5d8f1efd3517b7a8692dbe6e3bc74e2109e6e7eea44ddf283424aa14a1215d972bfa1319f5d511bb16c3420f6f07640a64a8144425
- SSDEEP
  
  24576:Z/PeImtz+7l/XcHsIDUEEOCeZNIGb3tgjXBwcN62RViq5HSU6cHj0UiYiq15R4Zn:mztUL9/MEYl
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral5 behavioral6
- Target
  
  Ҵֱ20%ϵ//ֱͶӰ豸ܷ.xls
- Size
  
  90KB
- MD5
  
  50c67f1f59e912b12ce0715bc6a05a88
- SHA1
  
  6f98084fce105bd661345c244cd4c3d0e24bb5af
- SHA256
  
  a1bf1157d9a6a3b98da4aa678a85ab31ef5c29ea0ee708dd8ded86d41c3e8430
- SHA512
  
  e5d79e6b53ab7df690c846699706328098e6bfba6e31f23b62300b3a4e24d939b949f37ce5303b3cf2e03659b3803b911886e37fe5ea1776b37ac63887965cc8
- SSDEEP
  
  1536:dBuuuO6HmVnLziCdymRxoiKTMEGw1gxv7yZmspH7+cclKiEZClsQ6NqTBun5oBNS:djw1gxv7yZmspH7+cclKisQ6NqTBun59
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral7 behavioral8
- Target
  
  Ҵֱ20%ϵ/߲/K4߲һ10.28.xls
- Size
  
  1.3MB
- MD5
  
  21540c1229339631c50a436ba8495563
- SHA1
  
  b477b802a7d4ded7dc7eb352b724566499b1a642
- SHA256
  
  ea321a3f8f10906abda978e4778c9ffde3b2fed64fa4905964bd1b4a55005952
- SHA512
  
  8ecc4e8d35e8db646f3caee13cc3deba80702f485c488cc7c51a00e3343237265cb0ea0e9e6d0bca67eee93dc20a680f2e93a888de6048a47937d98e211f64fb
- SSDEEP
  
  12288:t919XK0Z/Z7Mbr4Jv5+t7dElqIxb+8ylA3EvXd:fOt7WlbxbL3E
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral10 behavioral9
- Target
  
  Ҵֱ20%ϵ/߲/ïK4ؿA1~A4_㷶Χ˵.doc
- Size
  
  18KB
- MD5
  
  3bb6e29813b6bdafebef9accf67cee71
- SHA1
  
  4a4aa993c42db08006af3c1281f8f09afa4021d7
- SHA256
  
  83ef90870a93096d584ecff18e1096013965c95f8c138de2cf82a822d5245ddc
- SHA512
  
  ee13879b13c91c9af8cb0fcac763a7f3c1c68bb57f149283ff58ac24a94f3ef2fd21c1811675923afb8760f45df401052a0b4660b40bf3ed47448e11a8f84247
- SSDEEP
  
  192:y4Q5o7CS9nt3g1sEkV6OkXC/I/ch9Q0rHhw888j/Hh////Hh//////Q0x0//VhHk:CG7CS/3gyLxkXCVqyarfMVH
Score

4^/10
behavioral11 behavioral12
- Target
  
  Ҵֱ20%ϵ/ۻܱ.xlsx
- Size
  
  17KB
- MD5
  
  67c5392be0f1128d7caadf743d886459
- SHA1
  
  c589fa5aea540796bd804df66f07f043c9eeff1a
- SHA256
  
  50256123f9a2466a62bc4d2e79ebae6dc94e6b3002cca9cf3bb7afc3d9803e2d
- SHA512
  
  c6d521b64b781146752d789552579c0cfc27d331fa07b0385f9e256b99e6b9a82c66d5919db341cb2c958f46232486c55eb4a1eaccf7c9f7de3f9f5618ce40b0
- SSDEEP
  
  384:YBzK4GRSNnaoyHzgnEkK2PvRYJ+5Kv/mm3uN3YMIlS1cAtMfWCul:YBYRSAhHz3OP5DcvdlShtZ
Score

1^/10
behavioral13 behavioral14
- Target
  
  Ҵֱ20%ϵ//04ĿɱԱ.xlsx
- Size
  
  16KB
- MD5
  
  9705d07f582a509b8b02558a4b3b5ade
- SHA1
  
  e247cb1c838d2dc473ecdcfdd8dbe699d7d4de8f
- SHA256
  
  745bd63d1121984d9f91457aad93a19f0f858dfca3b90b40e9867178b8ed7510
- SHA512
  
  6bba9ed372ff260ef25c2bb1e85516210dc9937a6ce9bcea40ca6875bbfb741c34d1aaf6e68560fc91f18131f4e9b854638c5e967fdea58ed9b4150a44ff1571
- SSDEEP
  
  384:Z2+NE9RnOrLdWOXdAGrdMUu4En73G+VSlEcxwD7KptN:w+NETOPdvXbUn7zklEcuD7gN
Score

1^/10
behavioral15 behavioral16
- Target
  
  Ҵֱ20%ϵ//K4ؿܰ1ۺϻ2014.3.31/01ܶ嵥/01嵥/B-19嵥.xls
- Size
  
  113KB
- MD5
  
  d2d8300ed8d385454b0e6d8fa457c52f
- SHA1
  
  d81b6c8f51063a5db68651902c99f10f89a07410
- SHA256
  
  2a1d00d8aef1ff8ad1bbadede784cd0ad3512317ea6cee70a6b8f253c734c8ba
- SHA512
  
  9f1a62372eb2e061555b2076a3eda6514e0c09865e7910bcedf1438919ab84893c1c0bbcbc95eefaaa644b1c074d9d9d2a6a83c919ef0650e03f4f365163b8ca
- SSDEEP
  
  1536:tvvvqei5iecV9+iFU8j1VvaTbiGw2/vzr5TvqgiecV9+5FU8j1Vvi39Iz6EX0TNX:5EXA0dHbZWvhJH4Etp9819m
Score

1^/10
behavioral17 behavioral18
- Target
  
  Ҵֱ20%ϵ//K4ؿܰ1ۺϻ2014.3.31/01ܶ嵥/01嵥/B-1~2嵥.xls
- Size
  
  87KB
- MD5
  
  3729deae8427dae50bf44dca1190fc17
- SHA1
  
  f0334ddd07cd728824d1eb8eafe452f5d8de1e9a
- SHA256
  
  4d6fd1d949717e1d74453ec028b37fc52505b82052fe0b73812f3d7b4009e334
- SHA512
  
  9c88ce12ecd2047ff369e8d33a1afb306de46fd8585e79af703931de4e3a280504d393b2fdb5c37775c0542d5f02001dbf69b38f39558c0c7d358cf79d9a5332
- SSDEEP
  
  1536:tvvvqei5iecV9+iFU8j1VvaTbiGw2/9Izrvi7diceNBJXAR48r5wW7oK8EzS6DwZ:E7sXg7r5j7oK8EzS6DwuilvoKTPk2BX/
Score

1^/10
behavioral19 behavioral20
- Target
  
  Ҵֱ20%ϵ//K4ؿܰ1ۺϻ2014.3.31/01ܶ嵥/01嵥/B-20嵥.xls
- Size
  
  109KB
- MD5
  
  51958a938144cc12f9b140c5c116d163
- SHA1
  
  a8a00ef6e8d9666c3663c48d2f9106a20d7245bf
- SHA256
  
  024fb905d8bb1d7ee44394c426edcbc11bb1b3ce85f27bf1e9fb2f5581a61d32
- SHA512
  
  861355597ad2260cdf086ecd61298b48f3f59c3410fbfbac5004351d7174e41bca98283a27f8bfd399eb5964ad7bcbb793d575bcf51632482e92df569d56bbfd
- SSDEEP
  
  1536:Pvvvqei5iecV9+iFU8j1VvaTbiGw2/v9Izri5vqgiecV9+5FU8j1Vv39IzrwZNyx:mZNufgkLkqmc3LVfyG7VizMs0zz
Score

1^/10
behavioral21 behavioral22
- Target
  
  Ҵֱ20%ϵ//K4ؿܰ1ۺϻ2014.3.31/01ܶ嵥/01嵥/B-21嵥.xls
- Size
  
  122KB
- MD5
  
  215dfc5c533912f3dd5c244f7a936317
- SHA1
  
  637f353dd5724e7df8ca77409d9791b8a7db661e
- SHA256
  
  eb4cc2208d69de3b88cd98a7b84846d21b58fe536f06916df64b0fb884b0d915
- SHA512
  
  515fca308f3e923a3f59f2314607f591c1c974cfbc7e7793f0d3c730025fa320c00ae93160570f564d2dbdf2aef9c506625f19b10287f3f7a7379c33e33e1d07
- SSDEEP
  
  1536:Pvvvqei5iecV9+iFU8j1VvaTbiGw2/v9Izr5ivqgiecV9+5FU8j1Vv39ICyNPTNP:AyNBUgbMtkPmsg3qw54M+Snixnuol
Score

1^/10
behavioral23 behavioral24
- Target
  
  Ҵֱ20%ϵ//K4ؿܰ1ۺϻ2014.3.31/01ܶ嵥/01嵥/B-22嵥.xls
- Size
  
  101KB
- MD5
  
  4e490508a572e7cd55256e4aceb90f7d
- SHA1
  
  cc2f74fd4df511a335d3980464345727459bc0d2
- SHA256
  
  d054f3f49e4d859edb2ba6e7310bb7c8cd8462330cb6fcb8092c13620f136d88
- SHA512
  
  b04c55cf32c1696e7f9bc151e41ce77c510bcf762fd143df0e9a9659a5959cc00af44f755d76bdf099d45a36566bf0162fe459ad7758435292dcef06f9c712a6
- SSDEEP
  
  3072:czShJDaYmO+o3MVH0ONrjxl63TDq94vM:vXm63TO4v
Score

1^/10
behavioral25 behavioral26
- Target
  
  Ҵֱ20%ϵ//K4ؿܰ1ۺϻ2014.3.31/01ܶ嵥/01嵥/B-23嵥.xls
- Size
  
  111KB
- MD5
  
  4b41aae35ded32d4d6d51d6e605dfc98
- SHA1
  
  79ed0a0170385a7ef2900ffe35480125f940af2d
- SHA256
  
  9478880bbf734b7c53d3a7809deb629b766afecf812f89c0504581154811d8da
- SHA512
  
  db89acd0ceec05a2dd65b26c897b8629a7568b08ecdf6e720ac2f8df007e6414ba880c37b12959caf1dead666300ff701ba545b02651ff8a36a70603efd1cd31
- SSDEEP
  
  1536:bvvvqei5iecV9+iFU8j1VvaTbiGw2/v9zri5vqgiecV9+5FU8j1Vv39zr5k+K6TS:0+K2c5O/Nektwua870MqLiS
Score

1^/10
behavioral27 behavioral28
- Target
  
  Ҵֱ20%ϵ//K4ؿܰ1ۺϻ2014.3.31/01ܶ嵥/01嵥/B-24嵥.xls
- Size
  
  103KB
- MD5
  
  620ba292769e71aef95ca221aa47338e
- SHA1
  
  4dec752c758cfdda4445afaac59b07f6f03af7ca
- SHA256
  
  c1f9e84860f317f557d1748ac9cf2d21c4314c1989d7d6d27d4897e0c2a32b66
- SHA512
  
  1c4a3b035c44241ebfbaab77459e2b896778d8bd141f7ee7b2f2998f4ee23fcd700e48a01050f77ccaaf24d2c9c74bd9cfa7a338a0d829ab5704d6171218979d
- SSDEEP
  
  1536:avvvqei5iecV9+iFU8j1VvaTbiGw2/v9tGoice5nPXyrb/yEacvToAvjZJGvMMuU:vwO7EcZwkMulSd
Score

1^/10
behavioral29 behavioral30
- Target
  
  Ҵֱ20%ϵ//K4ؿܰ1ۺϻ2014.3.31/01ܶ嵥/01嵥/B-25嵥.xls
- Size
  
  102KB
- MD5
  
  076a08ba78cd69e24a567edaf66b34f8
- SHA1
  
  0d5d3ddf382e0b5732d70dfafd092e214eca4af0
- SHA256
  
  7136f3f30055b1e0c36666ef117943f65127c3903189cbad041786fdb435c0a2
- SHA512
  
  21fcd6163f69721bc63f1eb25469a02a7ca7788a3c5f09badda766cfe23dcbe8abe2b5454292b3ad964a2a4638ef051e22e9fd81f744caf3fc794d1842c0cc12
- SSDEEP
  
  1536:4vvvqei5iecV9+iFU8j1VvaTbiGw2/zrI9v5mwlEC9iceNvJ/qZ3P5WFt1yKFrU:Nwy3BqZ3P5WFt1y1/c8EWo
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Hidden Files and Directories

T1158

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Process spawned unexpected child process

Deletes itself

Process spawned unexpected child process

Deletes itself

Process spawned unexpected child process

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32