General

  • Target

    8efd9f058134318a98422bf25d03424e

  • Size

    13KB

  • Sample

    240204-m6axxafgd9

  • MD5

    8efd9f058134318a98422bf25d03424e

  • SHA1

    24214defabb9f8c5703de4ddab9650de6c6857ad

  • SHA256

    87a7fce33d1b3699a9664b9af05ab43be45935c885949235005b5584458bdcfb

  • SHA512

    12c560df706535a379989cdc0168795107cfccdc4b8d0d47b3ef585ea3894393ad87a56141ef1500b655c9628cd3667df5845666b4e542cf54f49a7e0899bbdd

  • SSDEEP

    384:DYYupX21SpseWi0sBPvi32+b/Rw5Rel/oKzkJc:Oc60oaSc/1zf

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

https://www.bitly.com/asdodoasdoaokowdldw

Targets

    • Target

      PLANILHA BOOKING.ppam

    • Size

      9KB

    • MD5

      bb243b6cc1ff85f1d2dde5847388d1d4

    • SHA1

      586d4378e0fac95218a47c042bec7be1a5ce687d

    • SHA256

      1f41c9c17a9115837d337739c24f124a6bea1978fdf27114da6d6ed5180f60eb

    • SHA512

      aa51f8ca0ce667a650fe2a76218d140c5e62d783a638ec2292ae275672f976fd23953345499a0a5464dcb7bf3435aa9cbb5c6ae4478e93d17e1754d96019c0e6

    • SSDEEP

      192:37XqiAtbpccFR/KN9RtTmR2VedTExXp3EiyuurTLZtpG9PElWJ:3PAtbptGtK+edTExp0HLT3pG9PTJ

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
