General

  • Target

    REQUEST FOR QUOTATION.xls

  • Size

    536KB

  • Sample

    230802-s22gysfd37

  • MD5

    7140a12d1f9b47774b3b302f1024df92

  • SHA1

    f39386fa67795c06277499bff48c7a31cb824a6d

  • SHA256

    c6be4051099ef1b9f2e3b0b1c2b446c34332a0457874c532376475b4a645febf

  • SHA512

    38fb145161a8341f83aec0cce9957e37585e26440f2ced19bc0117d715f2eef94a4978391523b1fd7443259e52d277214b89a86b8fda47cab01683f884d67d64

  • SSDEEP

    12288:qo7h5WQmmme6v3QLQuEHqUu9VnehcxQGCZcIpixWQuoxtJsTqGXJuD:FWQmmav30xGu9VScqndp+WpwtuVJ

Score
10/10

Malware Config

Targets

    • Target

      REQUEST FOR QUOTATION.xls

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL
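The three behavioural signatures above (unexpected child of an Office host, a downloaded/written MZ/PE file, and execution of that dropped file) can be reproduced as simple rules over a process and file-write trace. The block below is an added example written for this page, not the sandbox's own rule code; the trace it runs on is constructed for illustration and is not the real process tree of this sample, and the allow-list of expected Office children is an assumption.

```python
from dataclasses import dataclass

# Office hosts whose child processes are worth inspecting.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Children an Office host spawns in normal use (assumed allow-list for this example).
EXPECTED_OFFICE_CHILDREN = {"splwow64.exe", "dw20.exe", "dwwin.exe"}


@dataclass(frozen=True)
class Proc:
    ts: int       # trace sequence number
    pid: int
    ppid: int
    path: str     # full image path

    @property
    def image(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


@dataclass(frozen=True)
class FileWrite:
    ts: int
    pid: int
    path: str
    head: bytes   # first bytes of the written content


def unexpected_office_children(procs):
    """'Process spawned unexpected child process': an Office parent with a
    child that is not on the allow-list."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        parent = by_pid.get(p.ppid)
        if parent is None or parent.image not in OFFICE_PARENTS:
            continue
        if p.image not in EXPECTED_OFFICE_CHILDREN:
            hits.append((parent.image, p.image))
    return hits


def dropped_pe_files(writes):
    """'Downloads MZ/PE file': match on the DOS 'MZ' magic, not the
    extension, so a .dat or .tmp drop is still caught."""
    return [w.path for w in writes if w.head[:2] == b"MZ"]


def executed_dropped_pe(procs, writes):
    """'Executes dropped EXE': a process whose image is a PE written
    earlier in the same trace."""
    dropped = {w.path.lower(): w.ts for w in writes if w.head[:2] == b"MZ"}
    return [p.path for p in procs
            if p.path.lower() in dropped and p.ts > dropped[p.path.lower()]]


def evaluate(procs, writes):
    """Return the set of signature names that fire; names follow the report above."""
    fired = set()
    if unexpected_office_children(procs):
        fired.add("Process spawned unexpected child process")
    if dropped_pe_files(writes):
        fired.add("Downloads MZ/PE file")
    if executed_dropped_pe(procs, writes):
        fired.add("Executes dropped EXE")
    return fired


# Constructed trace (not this sample's real behaviour): Excel spawns a child,
# which writes a PE to %TEMP% and then executes it.
SAMPLE_PROCS = [
    Proc(1, 100, 1, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"),
    Proc(2, 200, 100, r"C:\Windows\System32\cmd.exe"),
    Proc(4, 300, 200, r"C:\Users\user\AppData\Local\Temp\update.dat"),
]
SAMPLE_WRITES = [
    FileWrite(3, 200, r"C:\Users\user\AppData\Local\Temp\update.dat", b"MZ\x90\x00"),
    FileWrite(3, 200, r"C:\Users\user\AppData\Local\Temp\notes.txt", b"hello"),
]

if __name__ == "__main__":
    for name in sorted(evaluate(SAMPLE_PROCS, SAMPLE_WRITES)):
        print(name)
```

Matching the dropped file on its `MZ` header rather than its extension matters here: downloaders of this kind frequently write the stage-two payload under a non-executable name, and an extension-based rule would miss the "Downloads MZ/PE file" step entirely.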

MITRE ATT&CK Enterprise v15

Tasks