Overview

overview

10

Static

static

8

ͬ�...��.doc

windows7-x64

4

ͬ�...��.doc

windows10-2004-x64

1

ͬ�...¼.doc

windows7-x64

4

ͬ�...¼.doc

windows10-2004-x64

1

ͬ�...��.doc

windows7-x64

4

ͬ�...��.doc

windows10-2004-x64

1

ͬ�...¼.xls

windows7-x64

10

ͬ�...¼.xls

windows10-2004-x64

10

ͬ�...ŵ.xls

windows7-x64

10

ͬ�...ŵ.xls

windows10-2004-x64

10

ͬ�...��.xls

windows7-x64

10

ͬ�...��.xls

windows10-2004-x64

10

ͬ�...��.pdf

windows7-x64

1

ͬ�...��.pdf

windows10-2004-x64

1

ͬ�...¼.xls

windows7-x64

10

ͬ�...¼.xls

windows10-2004-x64

1

ͬ�...��.doc

windows7-x64

4

ͬ�...��.doc

windows10-2004-x64

1

ͬ�...��.pdf

windows7-x64

1

ͬ�...��.pdf

windows10-2004-x64

1

ͬ�...Χ.doc

windows7-x64

4

ͬ�...Χ.doc

windows10-2004-x64

1

ͬ�...Ŀ.pdf

windows7-x64

1

ͬ�...Ŀ.pdf

windows10-2004-x64

1

ͬ�...��.pdf

windows7-x64

1

ͬ�...��.pdf

windows10-2004-x64

1

ͬ�...��.pdf

windows7-x64

1

ͬ�...��.pdf

windows10-2004-x64

1

ͬ�...��.doc

windows7-x64

4

ͬ�...��.doc

windows10-2004-x64

1

ͬ�...��.doc

windows7-x64

4

ͬ�...��.doc

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f73fccc50cda7bc1f80239ec7c5bfaffdca7b62db4623c65944db32c938eefa9

  • Size

    2.9MB

  • Sample

    221127-derlxahe6y

  • MD5

    6ccc0dcc39d4c7ee519aaf2afb1aa9c9

  • SHA1

    3da715a4c2afa232cc3d9787111e63ea66d1b84d

  • SHA256

    f73fccc50cda7bc1f80239ec7c5bfaffdca7b62db4623c65944db32c938eefa9

  • SHA512

    712c11ad5f9503f08ace25b37fd9635c9c4100fe031f68eb06f9705e39cbf5032439cf7c8c13dfc4b0f61fd4ae41268387f53dd6287f672a840a10cb23df4aa9

  • SSDEEP

    49152:BZinZ8xumRBHhyAQJxVh+V+4Ng/JPRaeZpXxJRNgRqAsQYjsnHBTt/I:BZinZnm7HGK+4y/JgepB/NznVj+HBNI

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      ͬļ--豸/0.0.doc

    • Size

      30KB

    • MD5

      142c4929ee0eca286fb140cff719cff5

    • SHA1

      4506ea05ba171f19e106274f59807abea326a873

    • SHA256

      4de8933cae605ef5478889f91a15f585d721f002f23838beb4f9099b903fb400

    • SHA512

      257780400f9e7644b2cd3620c48ceaccce4d47be4d95ef613f7b52355eb876333d3c13dc84d8b35e390a853780b34183f8ad4d5325cfb29d9021fdd853844eb5

    • SSDEEP

      384:BII1IIIIntI+IIIIUIIXIIIyIIIIIoIIZnQhTtTEvPT0qGhKInXiSZfI/PKReKiv:UQhFAPo

    Score
    4/10
    behavioral1behavioral2

    • Target

      ͬļ--豸/0.Ŀ¼.doc

    • Size

      39KB

    • MD5

      dedaf7d3995b0b51aa653deb084ea30d

    • SHA1

      6e91de750c56d1f41e8949d42e33e2557db715cb

    • SHA256

      45c17f03f587f0f06c1b1d7425446d320b2716e5338c5e76defcb25b16533b5a

    • SHA512

      5164517eb3e08e46c04992a292a2a6508eb757d03cb94ef0b903d2bb521937be8a7ccdd623fc7e02dfd0c09fe427a37077ce6dea66d42f802030c4a03bf6bd5e

    • SSDEEP

      768:zHZkCM+8m7G5QNzopkeLH5mWLmBg886APorO46:LAPoi

    Score
    4/10
    behavioral3behavioral4

    • Target

      ͬļ--豸/1.ְͬЭ.doc

    • Size

      47KB

    • MD5

      a209e7158816f8d81b6e047ffba33286

    • SHA1

      6232e5bc70826f914b3ae0cb3e643ce86bb70993

    • SHA256

      46efeaf71fb7926aab0ec5b5440a3e83f8de95c83469c1dc4c88d70b8ea0ad93

    • SHA512

      9d724a0e7d2fa62af091fdbaf62f8e76a5e415c308f3c890deb42ad0a28fe5b708cde03e7a6f02ed21ac27e562ef5a99fac6a9bf86890ea4d7c676f7cfb147f5

    • SSDEEP

      384:igZwpyJL8R0rxfrsrHb3EbtW+3Kd5r5knxFnb4Pt65D+Zna2sjIX38+IkSQBfSNB:hZww6ERgWAPo+J

    Score
    4/10
    behavioral5behavioral6

    • Target

      ͬļ--豸/1.¼1 ŵ1_ͬ¼.xls

    • Size

      85KB

    • MD5

      1b312b1526b03f5e4a56672f4978fcfd

    • SHA1

      37f82d04b2d0c432c95bd765d0b9ef5380afc7e4

    • SHA256

      930233d6a045cd9d4b8a2971d1a176aedfb58a25f04fc20ca3b0ebe629471973

    • SHA512

      64677cfaee666d80c4937b553a44034b84505caa14da4f03d22e3491b8447a18f97cb696590ff03e90d3a0b1619bb592ea44f5932c1e97ecc7b4238d3153b957

    • SSDEEP

      1536:HOOOO67DSy1NO2lXbjSytC2BhYS6Drm1gxv7yZmspH7+cclKiEZClsPI4ukoRWGx:Rm1gxv7yZmspH7+cclKisPI4ukoRWGNf

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral7behavioral8

    • Target

      ͬļ--豸/1.¼2 ŵ飨2һŵ.xls

    • Size

      93KB

    • MD5

      f181d0c43690b68e13c78bfd30c729a5

    • SHA1

      0205aad940ef3e5f35255035b59c3dd1ded9c76c

    • SHA256

      e44d3a8b0d01423006b7b62214692b896318e71ca588fc575774ebbfd7355373

    • SHA512

      488ecf4115d48218f4171e5ccd8ec9068351100142e1bbc307cf71eeea0ecaffb8ee4f20e920b237537dac7235dec1c1bafbbd89e5ee9eb5a2cdd5aeb141e435

    • SSDEEP

      1536:HOOOO67Dy1SN12lXbjSytC2BhYS6D8YUYh1gxv7yZmspH7+cclKiEZClsPI4uko:yh1gxv7yZmspH7+cclKisPI4ukoRWGNY

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral10behavioral9

    • Target

      ͬļ--豸/1.¼3 ŵ飨3_ر.xls

    • Size

      96KB

    • MD5

      73d92c3deade678d26fe9945f46ab864

    • SHA1

      302d28a84dfcfb4a083d0cf5af916d514fbdb58f

    • SHA256

      c78a75a2c2909fb4fe63767308fff176d80af3ae3037677271a36aea382a85c5

    • SHA512

      8d926a517c6395b03bfee51a7fdda9b25c7be497b2cb99a77752bd56735e93fde3a4eed2d727c2f7e68e047d9c001f6a499a8067aa9d6e53ef316c99c9f47951

    • SSDEEP

      3072:Wd1gxv7yZmspH7+cclKisPI4ukoRWGN6WVbrzQ7ITkFIBAww33XjUJtXwm:S1gxv7yZmspH7+cclKisPI4ukoRWGNc+

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral11behavioral12

    • Target

      ͬļ--豸/2.ְͬר.pdf

    • Size

      158KB

    • MD5

      cf2b629036686b45828c9f635a628960

    • SHA1

      6b8de94114bf70a3926be3b457bbb24a696997e6

    • SHA256

      e9995ea4257ef0dff283628e5cab9a2e3659b5bd78ded4d9edeb545ec1375b71

    • SHA512

      67ae2402e5dd93a87616e2810974a213aa4144df4d5cb350ef177c368aa14cd4f9d9ba8f666c5b9f44ffd76914a93d405187cea802874e2c90bc72cfa09f9d41

    • SSDEEP

      3072:H+AnGGgJNL5N99eTdgxrw6dD35r4AvDMubRjMKbqhFIDqLhgQ5f7h1eP+zz:Z2NL5V+MXxNbYubS17IqdkCz

    Score
    1/10
    behavioral13behavioral14

    • Target

      ͬļ--豸/2.¼1 ͬ¼.xls

    • Size

      102KB

    • MD5

      71328b6f585f9031135ba4ced98fd576

    • SHA1

      a8b9f4b56ea9142560b1c50697d3588f14564efb

    • SHA256

      b10a6be4568ec1330359c9d803d45f846f346a2bff42f854461874cd34dbe9de

    • SHA512

      1de1f4d43deb460c63751cd58c3e61848569fc12f9c23ff0100bc985ef76c5b7e32a4bcc608f07bf5eb07d1876af6d82453c9101af8702ad7525653cb40229c2

    • SSDEEP

      3072:bTQn6v7yZmspH7+7alMisPI4ukoRWGNTxfAxo2jcc0lbxOrLHDJtXwvd:vQn6v7yZmspH7+7alMisPI4ukoRWGNTB

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral15behavioral16

    • Target

      ͬļ--豸/2.¼10 ǩ֤.doc

    • Size

      49KB

    • MD5

      c4ddf0c10185db5e36be12e55a5e4c05

    • SHA1

      d27ef83032ec0bafbad4f16a8fe8131fd15657e1

    • SHA256

      989feec542782dd7d3b6fd9a1e57d9d60dc2833ffbcba897e530b72ca73e9a5a

    • SHA512

      7732c3173177e4820f8a3a9a4ffc5226ca2a13c1e0d06e49748eec6aed14030e5e6d96aaafafe956426a429b08f30f88ab8bf2cebc7b7f69668b95569923daab

    • SSDEEP

      768:qASB2+aJKkaJydTjYup/jCxTwAPojJ/X:3SBVXWAPojJ/X

    Score
    4/10
    behavioral17behavioral18

    • Target

      ͬļ--豸/2.¼11 ïͬ㹤.pdf

    • Size

      142KB

    • MD5

      e63aac8f15b43dfab5b6863aede10196

    • SHA1

      bf6e9606813f647bc8e50cad4600fb4b1899f4fe

    • SHA256

      03fe55328bbf46c86a21ae2797d9df0128a10c8f034885d085e35f64b8cc73d7

    • SHA512

      12abc77df616f655cd614173155d655d5518a2228df5b638f0400355f6a7c147b485a2c1769cd4f9ca292e378dd3c82c46f02e759ea9f33cf2510a9241c29302

    • SSDEEP

      3072:Q9++KW/Kmu70x2MyEdOERq/GZbzvnMLbB0Ts+a0v:Q9++KW/X2ubqYzvnMLbm1aE

    Score
    1/10
    behavioral19behavioral20

    • Target

      ͬļ--豸/2.¼2 ̷Χ.doc

    • Size

      46KB

    • MD5

      64cc064af98a84d24fcdf17da287323b

    • SHA1

      70784bb8b176fd97de444c6d47411bb580142a56

    • SHA256

      fec538eeb0a24b2520b1c2ae2b84d18ff56837859b2cb8d3c599e15c8054763d

    • SHA512

      f41324237d73cb5e99e9935bd0c9aa1a5f1224562533866c61675157a40340babde1c7e83b5f31c1f1417e8f14f12162a6357955a1a3259af4c84b9d226f7d58

    • SSDEEP

      768:TrXtpBLWPHRGcUOAeIuNABB5viwphZT3dfm2nqDXiXgqyAPoAKb:TdiwhTtfrnE4wAPoAKb

    Score
    4/10
    behavioral21behavioral22

    • Target

      ͬļ--豸/2.¼3 Ŀ.pdf

    • Size

      231KB

    • MD5

      e9821719c78d60293bfe85c83085e71d

    • SHA1

      9076f488205ac1f5bc38f889241acde94b00b9e1

    • SHA256

      d06660bacd42a5734e7c0b31ef7473a2a9f5916f1ea94ba943b6de3a4104086f

    • SHA512

      4d579579759bf971211a22080814835edfd2d1a53197ca465ee649066f562952940ca846be472daad77cc58a0eddc0cd269b8e9825a075528223ad44659d2782

    • SSDEEP

      3072:buGJYhwrQxVPu2iyq1sMVTjbmnDvlkGPD9ssOT5VxJEb5k0cWhx6q6qfUzRjJZQc:bus0ux1TVTPmjjrE599U1UnZQnkyy

    Score
    1/10
    behavioral23behavioral24

    • Target

      ͬļ--豸/2.¼4 ˵.pdf

    • Size

      116KB

    • MD5

      ac0b7ff8ccc804e4a64ad0fb6ef2ddfb

    • SHA1

      056e78842ced91a7fa631c1ad1dcc9bef9b73779

    • SHA256

      78db2841a1003c339e57da35274da3f3b15a1901675f78ba39d6465759074b80

    • SHA512

      acc26b969a8e5edb0ba2f4f70933a3310640cb28da881a098e2c6670bb71bd0d4dfea56095206ceb81da24ca9eb9e605d3f130f8d89da5ac96bdea8e5c318fe6

    • SSDEEP

      3072:FhN2jwkPTIUf/m6G9eelGbpl7xPCoFdCEC5J:ViwITRXuPUplNCr

    Score
    1/10
    behavioral25behavioral26

    • Target

      ͬļ--豸/2.¼5 ̱.pdf

    • Size

      34KB

    • MD5

      9f0a6081e0d68d39a722ef206953ec52

    • SHA1

      45a0fbd6d7ab01d1af594b0d0c44963c896ca89a

    • SHA256

      814517c300d3eec88ac0780939098d64485eded2e69adeee8d220e4ae62c63b0

    • SHA512

      d23759e75a287af40232f0866f4a29638459e1a6a3c691dbd72b7fd21c89a059ce252a1424f0a043b3b6bfd5125d4de7d6ebc41692a92b9836c758a760ff7af1

    • SSDEEP

      768:lKwaNbv7xqBUvDh+OZtrjQ8r4RPpYseAWiMJD:INjlQUvljJYPmYMB

    Score
    1/10
    behavioral27behavioral28

    • Target

      ͬļ--豸/2.¼6 Լ.doc

    • Size

      48KB

    • MD5

      31b4ff00a3a4715d1d4f1c34e4298882

    • SHA1

      efd90f7bc89a58bd39fb2df4361bb90bbaf4c09f

    • SHA256

      b3a86c89e7b2897f3a27d3b87649133df78a581d0829c42dff6e0f2003809ea6

    • SHA512

      d12146effe042faa698d1a8aa0a9fe4aa1ec9fda806f98054278b17742daaab94b54236b6057583b9776a4a6aaebdc6336d2433d015e4e509d2f6fab75dc1a5b

    • SSDEEP

      384:xo12YYY2pcgxiVHGphZTFxcYfm2J/0UqLpg2drziX9cGosv9iSZfI/PKR7ceEYIw:x3fXiwphZT3dfm2nqDXiXZoUAPo75+O

    Score
    4/10
    behavioral29behavioral30

    • Target

      ͬļ--豸/2.¼7 ֤.doc

    • Size

      38KB

    • MD5

      d234650f90c40f04a3ac3c92f971a380

    • SHA1

      f3891b69130d76407e8aa31859c60f67d9bc62f5

    • SHA256

      d1647fe82b90dac4119fa7ff2ae793070055e4266c90e324aba61e7c2f2136f0

    • SHA512

      d1b75f5a89b272ec407583f747d8fae538a11cd43a072a7a82214851a00ba22ace95cc30a4cb737d04ea178a6fd244d0e445bad3d415295ac112a4a4cf663a13

    • SSDEEP

      768:7Vl3EguxHbTn6ndCh5Eab+aInnMtERQnfqAnMtdZ1IhaxnXcsAPoxxb:731Ih0DAPoxp

    Score
    4/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

4
T1158

Privilege Escalation

Defense Evasion

Modify Registry

16
T1112

Hidden Files and Directories

4
T1158

Credential Access

Discovery

Query Registry

27
T1012

System Information Discovery

27
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks