General

  • Target

    Levanto - PURCHORD39220.xlam.xlsx

  • Size

    583KB

  • Sample

    230815-pwsfbacf5t

  • MD5

    83b0dfc062ae26043b4a1d77c5bb0ecf

  • SHA1

    33398ca86be5c6166af66442b92daa9f27b68ae3

  • SHA256

    45be2740870ebe4272e62da02cbb6097ae4d4802000d50e514f3d5970b46eb50

  • SHA512

    29ba0507300d1b8ebfe8c40a8e192c4540e39dca7692b6eb071b64b39a8eab84614a3dd2a93c82d4748096ddd5461f28c8cf870634ac3d45bd92343e862e2d2c

  • SSDEEP

    12288:c7d6G+Z81BWWr5rzfUWfghIEEhzWI5l2cJlm21u0cI06yve:c709Z8DtlsvIRWI5cOmFY

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

exe.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

Targets

    Score
    10/10
    • Blocklisted process makes network request

    • Drops startup file

    • Drops file in System32 directory
