General

  • Target

    RFQ Annex I - IV.doc

  • Size

    1.2MB

  • Sample

    230821-v2j9sagd2t

  • MD5

    873022c9b96cc23af24246e96e9b82cd

  • SHA1

    4ced8384a125239ade93fdcef158d472d88a29e8

  • SHA256

    72461853ff5181bc2f91d8b142e4f8da46edb81ed23c4a077c806b76e73e0a80

  • SHA512

    145024f4955f5204e71fef5bd8611dc4971bf8fc6dd3e4b0683558cfddcaf76ec4936be3c2214ed66aaad2a178dbf2ad5cd31971e2895a788a5d0523d567a8f0

  • SSDEEP

    24576:W9gsNbh6dyaGeDMurNteoGvxvtK8no7bIpQo86FEGdvT12jazgmzv5zWnMs14q+P:e

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks