Resubmissions

01-08-2023 12:33

230801-prc5tsgh6s 10

01-08-2023 12:27

230801-pm6xcagh4w 10

General

  • Target

    PO-465514-180820.doc.zip

  • Size

    99KB

  • Sample

    230801-prc5tsgh6s

  • MD5

    8aabc58ea370d5353d52deb53a8125af

  • SHA1

    11df53561db51d94ddbf8b06194c9bafcbc2818b

  • SHA256

    69c925d0b4cc3466d99f6c8615dd15051c3e9a79c22914e3766cdb69590979f2

  • SHA512

    7d379a52890cdf0bf293184e5f7461c4f8ae60e986b612be8d81fcf00dffd647976655f8f571c08eec8192b84aadae05849be63fc3ca3a5ecec93b7b7dde464e

  • SSDEEP

    1536:2jO9ktu1ULXelVvT0aqJ8Z/2b8cdePdIbJFo9c77SdSzCCTzmsvYM3PeR:eO9FWLsbF48h2b8ieEXl7pzCwzmsv7WR

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://52550750-56-20180826151453.webstarterz.com/savewayexpressthai.com/jnze_2o3j_k/

exe.dropper

http://oubaina.com/wp-includes/lqkz_nvr_1avf4/

exe.dropper

https://www.msbc.kz/data/k527_5_cbdvv5bi19/

exe.dropper

http://okcupidating.com/im/fsq_esj_qgx060p/

exe.dropper

http://bike-nomad.com/cgi-bin/7n_0x0_62mnzyh9q/

Targets

    • Target

      PO-465514-180820.doc

    • Size

      174KB

    • MD5

      d7e6921bfd008f707ba52dee374ff3db

    • SHA1

      833bf5524a745a315c083067f2cbbf037fa35d56

    • SHA256

      044aa7e93ec81b297b53aaebad9bbac1a9d754219b001aaf5d4261665af30bc7

    • SHA512

      12a527967ad448075519fb57954b1c2cab1f049de042309b9554c689cf4d0f8e99226cbb1e7dd41d9379914b3aaf75f51785573860f77662495d44e6539dfe9a

    • SSDEEP

      3072:fNw4PrXcuQuvpzm4bkiaMQgAlSKQg0g3Vwse:bDRv1m4bnQgISKQg0gFwse

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks