General

  • Target

    Confirmacin de reserva.xlam

  • Size

    717KB

  • Sample

    231002-t5an3see48

  • MD5

    6937a47fb1362267645b56f0511fbb3c

  • SHA1

    a1c8b8cb081cf5b585cdf59a3bf12b4235a0ae4c

  • SHA256

    613bd0a3f2447710c8a65b23d029fd7ef1e2ac55581e1ae9282e2a13f8593dab

  • SHA512

    408f11a3334c7d3ddfc82f1bcc42012eb15e279275516b956e84ffed4982e3f7ceee21956eee82192596f6c7b1bf2b0a84486ece49feb9d6d32d2040df81d76c

  • SSDEEP

    12288:jNhttjJd3OEveYHs7pRqF+2dqk6q+x7bM1RFlTHagPzuaWWIs0tcnirtLPb8DFs:jH/LMLqQ2yd0HTBbuaWDs14D6C

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

    • Target

      Confirmacin de reserva.xlam

    Score
    10/10
    • Blocklisted process makes network request

    • Drops file in System32 directory
