General

  • Target

    e1d24fb776bcfd1877ecfbc50d0bb69a.bin

  • Size

    6KB

  • Sample

    231029-dahhfaee3z

  • MD5

    38eac4cb3740831ce3f17117559b50b7

  • SHA1

    994c31ed68da699153c36a700f56091f7b15729e

  • SHA256

    77053fc3db5dd11f96a97e04542ff529ade7b42be4c5d35c18582b990ab1ff9a

  • SHA512

    eb506e7a5abd3d90dd83fadf27cfe6e4b29ee19ea2b35a8090765e83420e2f858ea7f30dc1cd94e910a9ab7e2e688e3bdc26f50485d0e3ee08f4c1f97bc9f85a

  • SSDEEP

    192:9oKYhXipZ4bpRHH6sKhtPltMy7hXTADY/oBLkp:9XySIbpBHpmMy7CDtBLkp

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs (exe.dropper)

    https://botfusion1-8f4913f37609.herokuapp.com/315031/doc78?hash=AgADNh

Extracted

  • Language

    xlm4.0

  • Source

Targets

    • Target

      339c8034365586d01a26d3a2830b8978b00dabf55ab44ff2bb3c410fa77dfb29.xll

    • Size

      16KB

    • MD5

      e1d24fb776bcfd1877ecfbc50d0bb69a

    • SHA1

      a56aa775f250a0d3921ca5bd395d17229e9908cf

    • SHA256

      339c8034365586d01a26d3a2830b8978b00dabf55ab44ff2bb3c410fa77dfb29

    • SHA512

      8436de2d3a9e4675c5761e89ec3cdcde4c3c1431d70bbb082b3a0f193138040f129611e414e874dab35323556d971715b9be8b77c78c6b2fd91045cb41194855

    • SSDEEP

      384:KWT9lyoWUlfxV1v10JOc+Z0iEBhuFr7C:K29l6ox/10JAZ0uh

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL
