Overview

overview

10

Static

static

10

15ce5a1505...3.docm

windows7-x64

7

15ce5a1505...3.docm

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15ce5a1505752f3c13b469a6902cc5c0ae472e24fd5a8d6ddd26549615168853

  • Size

    166KB

  • Sample

    221130-r2vhzacf21

  • MD5

    50e392c1c2ea4a3ff5eeac4bfaf24249

  • SHA1

    2d25b5db13300ab7fb0f0836ddea42e98112ae0b

  • SHA256

    15ce5a1505752f3c13b469a6902cc5c0ae472e24fd5a8d6ddd26549615168853

  • SHA512

    d4799722003f2fe145163011feaeb45c731628a8f2c8ad40129d3daef54c70704d4e1ca7c19a12906569a33d503c074284e79dd0513358490cabe7dd6dc25599

  • SSDEEP

    3072:TS1XRJHB2yrlqx1Jxh3Sc7g2QhjsDhroHFNyJkc67dGTZVsaqA:TmXReuGJ3ZsyV8HTOkwZVsY

Score
10/10
websettings

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

https://files.catbox.moe/vc8hcm.doc

Targets

    • Target

      15ce5a1505752f3c13b469a6902cc5c0ae472e24fd5a8d6ddd26549615168853

    • Size

      166KB

    • MD5

      50e392c1c2ea4a3ff5eeac4bfaf24249

    • SHA1

      2d25b5db13300ab7fb0f0836ddea42e98112ae0b

    • SHA256

      15ce5a1505752f3c13b469a6902cc5c0ae472e24fd5a8d6ddd26549615168853

    • SHA512

      d4799722003f2fe145163011feaeb45c731628a8f2c8ad40129d3daef54c70704d4e1ca7c19a12906569a33d503c074284e79dd0513358490cabe7dd6dc25599

    • SSDEEP

      3072:TS1XRJHB2yrlqx1Jxh3Sc7g2QhjsDhroHFNyJkc67dGTZVsaqA:TmXReuGJ3ZsyV8HTOkwZVsY

    Score
    7/10

    • Abuses OpenXML format to download file from external location

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks