General

  • Target: BAL_94G1BA0C0.doc
  • Size: 178KB
  • Sample: 230630-p4frgsdg6s
  • MD5: d42e77a9116b6511efd39d230a7205a3
  • SHA1: 8543820a8562c6d5592a3cef444b75ba35062fae
  • SHA256: f81e4de8069e9551180db92af779f1c19f7bfef0dde8f9696ae0b242d3fb8f2d
  • SHA512: ea3e14cbde76d904b9f83db4139fd687a9276a1ee1515fb3099b62dfa7a980c8fe15618a0896df2cccbc895c5548e2f20e5efcb1ce96211d421991f3f54c2f5a
  • SSDEEP: 3072:w4PrXcuQuvpzm4bkiaMQgAlSB+XoBcRswY9cqP:NDRv1m4bnQgISBwoKRswY9cqP

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper)

Targets

  • Process spawned unexpected child process
    This typically indicates the parent process was compromised via an exploit or macro.
  • Blocklisted process makes network request
  • Drops file in System32 directory

MITRE ATT&CK Enterprise v6
