c4c24eb056243059da37e882d660db6e775af54b7ce316a3ade90605e108ba91

General

Target

#Orden de Compra 20181.xlam.xlsx
Size

664KB
Sample

230820-nlk3tagf31
MD5

da934aec1578872bae77e7b1817d873b
SHA1

5d34963d15fe717916c213f96effdb49cb8058fb
SHA256

c4c24eb056243059da37e882d660db6e775af54b7ce316a3ade90605e108ba91
SHA512

3b62dfacee6d85607801ef73468a8795663bc30717a6d099d12b7296adaf7d6ab59a86dce18bf06258fef4165ce5cda96b2d947e9364914dd2baeef6aa40c936
SSDEEP

12288:MXZ4V1mw2Q35FGfY7oNnitgONX4tx6hqmdMWj7hHY3YTWjGL0nDic9GL:mQ1mw2Ywfzit5NX4mheAK38L+DQL

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129

exe.dropper

https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129

Targets

- Target
  
  #Orden de Compra 20181.xlam.xlsx
- Size
  
  664KB
- MD5
  
  da934aec1578872bae77e7b1817d873b
- SHA1
  
  5d34963d15fe717916c213f96effdb49cb8058fb
- SHA256
  
  c4c24eb056243059da37e882d660db6e775af54b7ce316a3ade90605e108ba91
- SHA512
  
  3b62dfacee6d85607801ef73468a8795663bc30717a6d099d12b7296adaf7d6ab59a86dce18bf06258fef4165ce5cda96b2d947e9364914dd2baeef6aa40c936
- SSDEEP
  
  12288:MXZ4V1mw2Q35FGfY7oNnitgONX4tx6hqmdMWj7hHY3YTWjGL0nDic9GL:mQ1mw2Ywfzit5NX4mheAK38L+DQL
Score

10^/10
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2