5cd4e6485d048005b1a52079a5b0a10a3cad3c2b928b03c110e45d18025482b1 | Triage

Sharing

General

Target

New order for PO_1211992.xlam.xlsx
Size

606KB
Sample

230825-jxrbraaa55
MD5

955e0b656cbea87a664b814a680c7039
SHA1

6ce5c52c16134086875cfaff92eff909216684a8
SHA256

5cd4e6485d048005b1a52079a5b0a10a3cad3c2b928b03c110e45d18025482b1
SHA512

63cbac277b0e301dd2ced3a04f3f10701de0b03c889b7b082223dea2ac6f9c5915f3fd429938bf9b38a84744da371ea315956ccbe7506e01c1661012dff0bdc1
SSDEEP

12288:eamT9arNAMKQxWTzRGQLhXHmdKuSeKj+f3AOn8jzRcP:eam0AFQmzRpholSwf3AL2P

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

exe.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

Targets

- Target
  
  New order for PO_1211992.xlam.xlsx
- Size
  
  606KB
- MD5
  
  955e0b656cbea87a664b814a680c7039
- SHA1
  
  6ce5c52c16134086875cfaff92eff909216684a8
- SHA256
  
  5cd4e6485d048005b1a52079a5b0a10a3cad3c2b928b03c110e45d18025482b1
- SHA512
  
  63cbac277b0e301dd2ced3a04f3f10701de0b03c889b7b082223dea2ac6f9c5915f3fd429938bf9b38a84744da371ea315956ccbe7506e01c1661012dff0bdc1
- SSDEEP
  
  12288:eamT9arNAMKQxWTzRGQLhXHmdKuSeKj+f3AOn8jzRcP:eam0AFQmzRpholSwf3AL2P
Score

10^/10
- Blocklisted process makes network request
- Drops startup file
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2