General

  • Target

    FVR Offer 100050545.xlam

  • Size

    711KB

  • Sample

    231006-vrzlqagg39

  • MD5

    83eeefabbffbd97d45782f55dd6ed246

  • SHA1

    7b0e6024cedb9ac7a460b2971ad74d9e5db52d92

  • SHA256

    fb515d3ef8a4e4a47487b5107d5cbc343a74cd56432e00473d6027f700f9f971

  • SHA512

    5cf3b7f47ce5851bbd645965f367592a71dcddc2a620c0b6d166f528e772cda7153e3c52a99d8d534030dd22cc5ef5c1763e67664aa13b141e4d85dcee1e8ff5

  • SSDEEP

    12288:qeFC6yme9ozewx0CRFERpcA4g37ipJZaE2ZHO4UrubYa+M7bEwhrnbdHg6iHDrG:qeFfyNw+CRW+Q7YZaE2FZUCkglhrnhXh

Score
10/10

Malware Config

Extracted

Language: ps1 (deobfuscated)

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

    • Target

      FVR Offer 100050545.xlam

    Score
    10/10
    • Blocklisted process makes network request

    • Drops file in System32 directory
