97a2bf0fd22138e167c687ae72decada73b49506d0a9b821292a179d0feead34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEW ORDER 36451.xlam
Size

712KB
Sample

230824-m2eejade3x
MD5

103fe0855ad51e463c22105fa370e4fe
SHA1

1638838c90ac5580cc1934d4be03070709eff54e
SHA256

97a2bf0fd22138e167c687ae72decada73b49506d0a9b821292a179d0feead34
SHA512

8c6f309815a0514243c322bd5a643872abf6e6c9c3699cb7efa68e03e46f9ed4ca3a815c7a10bc2035eb9cf4446b68a80f588ead2bc3f08c1a5d6ff3ba160f76
SSDEEP

12288:fHFnRrAgWBbN1x1+s0SRxz7ifOCwBVb2TCztlqD0QYeV/J9e/S1vF092RjkEnb:/5RsLcKDPCwfb28tlqwQ7Lp1aeBnb

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

exe.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

Targets

- Target
  
  NEW ORDER 36451.xlam
- Size
  
  712KB
- MD5
  
  103fe0855ad51e463c22105fa370e4fe
- SHA1
  
  1638838c90ac5580cc1934d4be03070709eff54e
- SHA256
  
  97a2bf0fd22138e167c687ae72decada73b49506d0a9b821292a179d0feead34
- SHA512
  
  8c6f309815a0514243c322bd5a643872abf6e6c9c3699cb7efa68e03e46f9ed4ca3a815c7a10bc2035eb9cf4446b68a80f588ead2bc3f08c1a5d6ff3ba160f76
- SSDEEP
  
  12288:fHFnRrAgWBbN1x1+s0SRxz7ifOCwBVb2TCztlqD0QYeV/J9e/S1vF092RjkEnb:/5RsLcKDPCwfb28tlqwQ7Lp1aeBnb
Score

10^/10
- Blocklisted process makes network request
- Drops startup file
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2