8f9c3c605f01435a65bbfbc042d64e96bc3f116105327a9ff25ded111ab9f317 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

URGENT ENQUIRY - T2190 27th August.xlam.xlsx
Size

723KB
Sample

230828-redlyaee3w
MD5

cd7be02e43a9df831bfa8d9bea3a5cb3
SHA1

230156928b9e51ccc2f2b9ec40b30cab7b5cd920
SHA256

8f9c3c605f01435a65bbfbc042d64e96bc3f116105327a9ff25ded111ab9f317
SHA512

e4afc72e927da38f1150344243232fc32766916961509419ab33e9a8e0c5dc5943cb80a7c2b7adb05c341334e805e224b18a2f7a5507f374444baa3a3ac3dfe7
SSDEEP

12288:P0yre87oGoY31afq+8NDinhhtYrWKqzXg3haL7VyIG9z127pkbPm4im5Mr7eMQsw:P5re0F1bDi+rWKqzXYhMyRximFMxEQ/w

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

exe.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

Targets

- Target
  
  URGENT ENQUIRY - T2190 27th August.xlam.xlsx
- Size
  
  723KB
- MD5
  
  cd7be02e43a9df831bfa8d9bea3a5cb3
- SHA1
  
  230156928b9e51ccc2f2b9ec40b30cab7b5cd920
- SHA256
  
  8f9c3c605f01435a65bbfbc042d64e96bc3f116105327a9ff25ded111ab9f317
- SHA512
  
  e4afc72e927da38f1150344243232fc32766916961509419ab33e9a8e0c5dc5943cb80a7c2b7adb05c341334e805e224b18a2f7a5507f374444baa3a3ac3dfe7
- SSDEEP
  
  12288:P0yre87oGoY31afq+8NDinhhtYrWKqzXg3haL7VyIG9z127pkbPm4im5Mr7eMQsw:P5re0F1bDi+rWKqzXYhMyRximFMxEQ/w
Score

10^/10
- Blocklisted process makes network request
- Drops startup file
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2