General

  • Target: 3151eeb337bdc0be093f392e879cb8eaf3a44d10d012f3296cd029a35d763d45
  • Size: 216KB
  • Sample: 231114-a5mh4aff7s
  • MD5: 77e79041cb0e54f0a870d34e27c7aa86
  • SHA1: 96c930902306610fef6861644df8e2223812c558
  • SHA256: 3151eeb337bdc0be093f392e879cb8eaf3a44d10d012f3296cd029a35d763d45
  • SHA512: ba93f98bdcd2b19be7026c4be2baccb2ceca94e77f2382310f133d3cf027c2063f43047d46bbdf8413f14bd149fc8d345ab42b234a8bed6815ee806349f369d2
  • SSDEEP: 6144:7Tett7tHOJ+QLdFPaqFKeyRYY9Ijk345s/n+fh:3gpJ4PaqF3Y9IjkI4e

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs:
    • ps1.dropper: https://uploaddeimagens.com.br/images/004/654/536/original/new_image.jpg?1698957750
    • exe.dropper: https://uploaddeimagens.com.br/images/004/654/536/original/new_image.jpg?1698957750

Targets

    • Target: HYUNDAI INVITATION LETTER.xla
    • Size: 282KB
    • MD5: 8ebd7658975d158beeb4587ac66d2628
    • SHA1: b83a388737ab385163ef9ddb715a45d04550f138
    • SHA256: 1f9447b936dfc7d9b4ed44796367ade3baa9dec8776e18154b3e45b4cb08bebc
    • SHA512: 99fa927495f1604b4a876f85953ff6d5718096705481c5fce7dedc5cffbb5f62b7f5a7228339522876ae34aa3539753b48bf250c2ca6b3e02abe65b321d22ecc
    • SSDEEP: 6144:EXRC/eu3YDp7LLFY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVsnMI0zBRBmSg:EX4mw3bVsnMIOfm

    Score: 10/10

    Signatures:
    • Blocklisted process makes network request
    • Abuses OpenXML format to download file from external location
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks