General

  • Target

    reporte bancario#pago devuelto.doc

  • Size

    9KB

  • Sample

    230106-3qyl2afg2v

  • MD5

    0611e9fc814aae37824ba812530868ab

  • SHA1

    9148b89940cdb3f273f1135136e9616491f90ba6

  • SHA256

    45a4d90447393903cb9bf5a6df74a712bb5113557860f24269a384db7c56c561

  • SHA512

    146fef6cb20c6ed2950bfe8ba04b8171f83b85ef7f5cbd1851d0c1132c0f53d6c35a4b6d7ea5164357edae80d5077bc82e8adbd473280528d8dadedcae4a64c3

  • SSDEEP

    192:gZM861UaEiX4IQRqDyvkFoVvQlLhArrKx0ELnTam0uLZUXm6D:gXTaEuvDOkFcQH6rKxnLnTlHmXm6D

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (ps1.dropper)

    http://172.174.176.153/dll/NoStartUp.ppam

Targets

    • Target

      reporte bancario#pago devuelto.doc

    Score
    10/10
    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks