Resubmissions

  • 05/05/2023, 10:04  230505-l4emmsbc6y  score 1
  • 04/05/2023, 07:19  230504-h5tamsaf23  score 10

General

  • Target: PO#035499(1).doc
  • Size: 3KB
  • Sample: 230504-h5tamsaf23
  • MD5: b7e88f9f57137b39269a26d7380851ea
  • SHA1: db32e2761ce37b791a41312355c1caf1c13ae113
  • SHA256: 767640e4be0ad1dc04332cbaa7485d425feebf3e8665af6b9922b09cc98e1a74
  • SHA512: 228823ee6c2dc083fedfb3b19261cd9d8d9d99fbb03f282212646c4478cad64cbeb1e3ebbbc6121b8af6f3e4740d08a781289084ddd38101e66548d9f44096ae

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (ps1.dropper): http://172.174.176.153/dll/new_rump_vb.net.txt

Targets

    • Target: PO#035499(1).doc
    • Size: 3KB
    • MD5: b7e88f9f57137b39269a26d7380851ea
    • SHA1: db32e2761ce37b791a41312355c1caf1c13ae113
    • SHA256: 767640e4be0ad1dc04332cbaa7485d425feebf3e8665af6b9922b09cc98e1a74
    • SHA512: 228823ee6c2dc083fedfb3b19261cd9d8d9d99fbb03f282212646c4478cad64cbeb1e3ebbbc6121b8af6f3e4740d08a781289084ddd38101e66548d9f44096ae

    Score: 10/10

    Signatures
    • Blocklisted process makes network request
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks