General

  • Target: 8bf25ddadd365f0a078b689600b16442
  • Size: 85KB
  • Sample: 240203-k4glkagbbl
  • MD5: 8bf25ddadd365f0a078b689600b16442
  • SHA1: 4e18c9225cc95b5e14839404031b070faf04b6ef
  • SHA256: 56f9292f6639bb3d35257752df7b5970d08157c4c60592bc3ccb96ef11cf9a0d
  • SHA512: 260ba239a21e6f1877de029d246e05136da6df3f9a11068333d40368aba7b20714537285891b668066bf1bf7c47de248ca1e3ec686f24cd7145a139eda63fbf7
  • SSDEEP: 1536:GyELzlRCC7X2nddgtFZB7BLbf4P5F4cTupZFJ6DaUs1CN1tACDOW/E:OzB7X2jgtLbQP5FTTupfJ6DwE/VD8

Score: 10/10

Malware Config

Extracted

  • Rule: Microsoft Office WebSettings Relationship
  • C2: https://longurl.in/htYUl

Targets

    • Target: PO-35662734.docx
    • Size: 10KB
    • MD5: 38106f6c10bbea4dd4713bc3c85a3277
    • SHA1: 72585bf780b995e8c25e715704b1d470469c23e4
    • SHA256: 4fdab1bae9c4c1a40197d9328862fa3a5e938c26464954367358caaaab0d21de
    • SHA512: 05dd68309121289214efee4ff1986d9d802f1e3d771f019be7343b5326d383855efbd743862d68de4dbff075ad0f5387db8ca56f27af812c903961ceade6a133
    • SSDEEP: 192:ScIMmtPZG/bEpOMgEamWBXpK0ydJb3FXuN:SPXEEpOMNoEP7bk

    Score: 7/10
    • Abuses OpenXML format to download file from external location

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion
  • Modify Registry (T1112): 1

Discovery
  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks