General

  • Target

    Statement _PTG.xlam.xlsx

  • Size

    661KB

  • Sample

    231010-nke56sfa72

  • MD5

    5ce2593dd2633a16b59f24f89b59a771

  • SHA1

    8453e8c8e92329d9f1c17b1006b88404fafb460a

  • SHA256

    2e045bfe973e2c4e23ea48dd72e22e92c422b8a9c5dd0d4dcd8bb2d22213f439

  • SHA512

    9e011f707168ede2bb4a0eab10d2ed823e397889b0a42093748ca8097f946f0b9de19f4e00b421e6c492509c6e1cfbdfd3b09749e6eef32e0d61abbd89ae2752

  • SSDEEP

    12288:ITJnWFBBM1CG3SobhrP1U3R1xzsXO/6x/5ZuqgP47EauUmMOVPEh0Vi7j3:yJKa7iucR4O/6xhxOJBPEmVI3

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

    • Target

      Statement _PTG.xlam.xlsx

    Score
    10/10
    • Blocklisted process makes network request

    • Drops file in System32 directory
