6b6ea217e2d9902116526fe8e76c505ce3898da37ed41e83a0b20b1e110afadc | Triage

Submit
Reports

Overview

overview

Static

static

1

ae280d0e21...5.xlam

windows7-x64

ae280d0e21...5.xlam

windows10-2004-x64

1

Sharing

General

Target

24d588a1c195344294f51350b853d8aa.bin
Size

703KB
Sample

231128-bw23vsed2z
MD5

e58d0e42c2514a96c8dd37554a7888b9
SHA1

7c9c73302fc1045b1dedff45e9075eaa9975f6e4
SHA256

6b6ea217e2d9902116526fe8e76c505ce3898da37ed41e83a0b20b1e110afadc
SHA512

b5ce2b4bafc354ba50c9415ea4429f0a2b22a69f2eaa9abc73432b928e70eaa767db827a861cb05310dcc9f032e942ed35b69cbfe3f26e4fdb0c4131494d79b9
SSDEEP

12288:0jZpcdSZd+qhSylF7bgZ1rJpYozKIcU2nL8nLVlYD/hk4gcvO+bKFeWjmYRbvGVd:QFGISylFI1NyycDL85qD/hO9+bCepYRk

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

ae280d0e2156248467f1bb96f3248fde6a8a24ff4c617c51f3e14eacb84ef015.xlam

Resource

win7-20231023-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ae280d0e2156248467f1bb96f3248fde6a8a24ff4c617c51f3e14eacb84ef015.xlam

Resource

win10v2004-20231127-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/666/683/original/js.jpg?1700183864

exe.dropper

https://uploaddeimagens.com.br/images/004/666/683/original/js.jpg?1700183864

Targets

- Target
  
  ae280d0e2156248467f1bb96f3248fde6a8a24ff4c617c51f3e14eacb84ef015.xlsx
- Size
  
  705KB
- MD5
  
  24d588a1c195344294f51350b853d8aa
- SHA1
  
  ed7421046c86823524e49bbb221e3132d35ca783
- SHA256
  
  ae280d0e2156248467f1bb96f3248fde6a8a24ff4c617c51f3e14eacb84ef015
- SHA512
  
  260748ff9a997d7b02375cfcf7f29079ee28470c3f1e28e255b7d4d723ad00d1d79b8d0a92ae13973bc17d214c362535cd7cd497cdab6cf359924a8918ef9810
- SSDEEP
  
  12288:BT+oqO2lkeBqhP+aLrof672k/5+6iz0X7vDq287GSM6PJaYDdW87YQECQShyC7jx:BT+3OlThPb6k/bd7Dq287G+hc83ECxIY
Score

10^/10
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy