General

  • Target: ad915185215c5d1b173e085e56eb7d929f0979a4d1ea67aa8830ebdc1aca818c
  • Size: 81KB
  • Sample: 221128-banncacb62
  • MD5: ff12c42b5049d9435145a96c8d4e761f
  • SHA1: 3c71d2d446d91f21f2a3b8566ed71ed466852d7f
  • SHA256: ad915185215c5d1b173e085e56eb7d929f0979a4d1ea67aa8830ebdc1aca818c
  • SHA512: f6a31401437c17f912be0ebad101d043099bd84e519defa26766dc29923adb47977a2b215a8e7eb9b31e4201e3c78963d08c5d71910e7e5dc7ca89144ba5f4ef
  • SSDEEP: 1536:dYnkEQ67ylj0FJkCYJ72wlpethz+XTGyzUovxoF7foUITLktyglvJebYcOok4:ukEQeJkCu72wlpoETfUIatfoVXkfZcYI

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs (all of type exe.dropper):
    - http://beysel.com/XaaK-IZWqrsbyAmxS9X_yHrjsjhEj-a3/tQsCK/
    - http://labersa.com/hotel/9JDk2/
    - http://phikunprogramming.com/bs/page/css/LoKS/
    - http://brikee.com/contact/SGe/
    - http://terebi.com/best/i404/

Targets

    • Target: 8361305558_Apr_30_2019.doc
    • Size: 154KB
    • MD5: 07908d15d9d9aedc11fb101decfe4ec5
    • SHA1: 96337dd8dac44496321a9b7b1d919a3c0587ea63
    • SHA256: 14bb13a0418e556082607e6372bff208155f5e9b44f8bb6f3f494b9e1ea5f663
    • SHA512: 9625e8449ff544de2cce9cafa7c22715526cbd153d79b276d54229a45b2eb7759975964c1282f4e7bf2b22e4ce4e5ae7c00abef600ad35a8f3d04f6e2a320866
    • SSDEEP: 3072:cUTTYBPAUvvxk/1Zlsc8dN+L9AiOChZzcYk:cUXYB3vvxk9rsDdAGiOChZzTk

    Score: 10/10

    Signatures:

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    - Modify Registry (T1112): 1

  • Discovery
    - Query Registry (T1012): 2
    - System Information Discovery (T1082): 2
