4de715cc8efe759c913068845833cf69bc46e3ab96ce6ee9a005468638b4415a | Triage

Sharing

General

Target

4de715cc8efe759c913068845833cf69bc46e3ab96ce6ee9a005468638b4415a_JC.xlsx
Size

599KB
Sample

230826-rtd61sah83
MD5

f383adacdac479322a5c37c90edf8162
SHA1

d3bf7075832e55aabe76f5256d58bb45f18f9704
SHA256

4de715cc8efe759c913068845833cf69bc46e3ab96ce6ee9a005468638b4415a
SHA512

0f73a5b978e3f27a43abd1bb2a3bc6a9ae04a11c5ac98ed180c60f31416080a49f0c0d194eb0bc14c0db9585e382cd4e7e471647bbc62a9d9e6ff570bebae481
SSDEEP

12288:EEnW3raLk/10xzHtsYpjRLh4Oj0zkRaFwGy5OQPF5EGfeKLRh:NZXFOYpjh+I0gR/MQP3Jfeo

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

exe.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

Targets

- Target
  
  4de715cc8efe759c913068845833cf69bc46e3ab96ce6ee9a005468638b4415a_JC.xlsx
- Size
  
  599KB
- MD5
  
  f383adacdac479322a5c37c90edf8162
- SHA1
  
  d3bf7075832e55aabe76f5256d58bb45f18f9704
- SHA256
  
  4de715cc8efe759c913068845833cf69bc46e3ab96ce6ee9a005468638b4415a
- SHA512
  
  0f73a5b978e3f27a43abd1bb2a3bc6a9ae04a11c5ac98ed180c60f31416080a49f0c0d194eb0bc14c0db9585e382cd4e7e471647bbc62a9d9e6ff570bebae481
- SSDEEP
  
  12288:EEnW3raLk/10xzHtsYpjRLh4Oj0zkRaFwGy5OQPF5EGfeKLRh:NZXFOYpjh+I0gR/MQP3Jfeo
Score

10^/10
- Blocklisted process makes network request
- Drops startup file
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2