General

  • Target

    Egyptair.zip

  • Size

    702KB

  • Sample

    230314-n7kn6shb9v

  • MD5

    bfa50a2fae18263e51e498e5a96e54a3

  • SHA1

    d082d426ff9850b5f1d2f1d0f79dfc7f9094e8e1

  • SHA256

    19a90eef0f52ce9d9ece0aa3d560f9bdd469b7c0b780fd2269ba9082b001ca00

  • SHA512

    c7a42dcfe159cabdb9b5e0705d23915d09e105117760546d98703527356d8965ccdf85e9f156f16ee56c99eeaeae0a74e54fb3f6e45761b32f8dc18873cde174

  • SSDEEP

    3072:mIFb4Wmkqke+cEeqH9vH+i2s1Vj8JxuLVpMs75XLKZvq:mOykqk6Lw+i2s1Vjkxuxp/Qvq

Score
10/10

Malware Config

Targets

    • Target

      5183806092083307240, United Kingdom.doc

    • Size

      548.3MB

    • MD5

      8ad41b75ac260ad12600a77dbf27de25

    • SHA1

      fcf2484ae2913cefe5de026ef39b2537bda10138

    • SHA256

      33a483e9a68e674ba8166300aa38d19197b1ee5bb72ff784a9e48797c5337c9b

    • SHA512

      e9f481765d140bf3a0c716a1f138d75b0b3b12333f84dc9820efa01a2557b4e93797545497937fc82f1e752fc93c3967ddf7639503046fd2d532eecb0783709c

    • SSDEEP

      6144:1620tqUx3Xu+7ZkRIDNGi9a0Va5UAClo:1620tqm3+I2ezcz5U3lo

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry, T1112 (1)

  • Discovery

    Query Registry, T1012 (2)

    System Information Discovery, T1082 (2)

Tasks