Overview

overview

10

Static

static

10

Challenge_...m.docx

windows7-x64

4

Challenge_...m.docx

windows10-2004-x64

1

Challenge_...1.docx

windows7-x64

4

Challenge_...1.docx

windows10-2004-x64

1

Challenge_...y.docx

windows7-x64

4

Challenge_...y.docx

windows10-2004-x64

1

Challenge_...1.docx

windows7-x64

4

Challenge_...1.docx

windows10-2004-x64

1

tools/numb...ing.py

ubuntu-18.04-amd64

1

tools/numb...ing.py

debian-9-armhf

1

tools/numb...ing.py

debian-9-mips

1

tools/numb...ing.py

debian-9-mipsel

1

oledump.py

ubuntu-18.04-amd64

1

oledump.py

debian-9-armhf

1

oledump.py

debian-9-mips

1

oledump.py

debian-9-mipsel

1

plugin_biff.py

ubuntu-18.04-amd64

1

plugin_biff.py

debian-9-armhf

1

plugin_biff.py

debian-9-mips

1

plugin_biff.py

debian-9-mipsel

1

plugin_clsid.py

ubuntu-18.04-amd64

1

plugin_clsid.py

debian-9-armhf

1

plugin_clsid.py

debian-9-mips

1

plugin_clsid.py

debian-9-mipsel

1

plugin_dridex.py

ubuntu-18.04-amd64

1

plugin_dridex.py

debian-9-armhf

1

plugin_dridex.py

debian-9-mips

1

plugin_dridex.py

debian-9-mipsel

1

plugin_hifo.py

ubuntu-18.04-amd64

1

plugin_hifo.py

debian-9-armhf

1

plugin_hifo.py

debian-9-mips

1

plugin_hifo.py

debian-9-mipsel

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mshtml.zip

  • Size

    262KB

  • Sample

    240217-3almjacb64

  • MD5

    75a28db68a020da28cf223010f7c9f9c

  • SHA1

    361aa10961eed91b277ffea70641ed6435550d7d

  • SHA256

    31475717735f9aee20def2a4044b42a52cb92e8cf885b92a042099a273688135

  • SHA512

    6fbe84b932773d0e0f7b12ddcbb4d2b6f802036f71f42f95b65bed7d3a262db3609bbbc4ee8c54a5ee86c5e952da059bba1fd99ac532c07401a3bf98068f3964

  • SSDEEP

    6144:dem485iuNrJhuJGd0AkfX+Yk3xonVBio57pMN+UM8iNuiYwLGZTqUdJP+TDu:dempTJAQd0AmOX3mVBp1MN5Ri/YeGZTl

Score
10/10
linux

Malware Config

Extracted

Rule
Microsoft Office MHTML OLEObject
C2

arsenal.30cm.tw:1212/word.html

http://175.24.190.249/note.html

http://trendparlye.com/wiki0509.html

http://hidusi.com/e8c76295a5f9acb7/side.html

Targets

    • Target

      Challenge_FIles/Employee_W2_Form.docx

    • Size

      12KB

    • MD5

      45e7d6562bfddb816d45649dd667abde

    • SHA1

      00087e46ec0ef6225de59868fd016bd9dd77fa3c

    • SHA256

      679bbe0c50754853978a3a583505ebb99bce720cf26a6aaf8be06cd879701ff1

    • SHA512

      0567873b42eece93787da4f4c3b72ecb0d952450d8eb59b354a5f91ed95395a2662171e05cdcf4a829fdbd0b5cbcca97701fef9b96b1ad0d8728922bbd0288fa

    • SSDEEP

      192:f6ijVmar18H111M05AgPekrFD2h0vsmyVk7PeOJ2wc3rMKkokceeQh:f6ijca6H111/eo1hvsHieIhoseQh

    Score
    4/10
    behavioral1behavioral2

    • Target

      Challenge_FIles/Employees_Contact_Audit_Oct_2021.docx

    • Size

      12KB

    • MD5

      d5742309ba8146be9eab4396fde77e4e

    • SHA1

      8aaa79ee4a81d02e1023a03aee62a47162a9ff04

    • SHA256

      ed2b9e22aef3e545814519151528b2d11a5e73d1b2119c067e672b653ab6855a

    • SHA512

      37367ea06191c8a949f6c092bc4137736b344cc9892bf8a19e149557919d9276fb1301009a700cede0f2ca05d6827c827992817aee7b8968a5429e433fe0c8ba

    • SSDEEP

      192:60L6GkWglL+bzW6mlHRrZu87Fym3tZknRIhRHNwC3Eo+ETdlexwDvx/jVm9CoDFn:603kpLTZJHm+Eo+ETd4weCoDFLFd

    Score
    4/10
    behavioral3behavioral4

    • Target

      Challenge_FIles/Work_From_Home_Survey.doc

    • Size

      26KB

    • MD5

      41dacae2a33ee717abcc8011b705f2cb

    • SHA1

      4b35d14a2eab2b3a7e0b40b71955cdd36e06b4b9

    • SHA256

      84674acffba5101c8ac518019a9afe2a78a675ef3525a44dceddeed8a0092c69

    • SHA512

      11f7177dc3c8a804ff6450477e15aadd20fddac98205008db25a4f6ef69a54b7cb7c9dd0d7bdf1b1d317f306482d86ad5ef150530194de7d8dbe344203962648

    • SSDEEP

      768:8HVoVneOa0HD/vb9EVoiJWq8UCei96T8vuX3m86RAFvg5e:8QVvbvb9wnIq8OitP88eY5e

    Score
    4/10
    behavioral5behavioral6

    • Target

      Challenge_FIles/income_tax_and_benefit_return_2021.docx

    • Size

      23KB

    • MD5

      55998cb43459159a5ed4511f00ff3fc8

    • SHA1

      9bec2182cc5b41fe8783bb7ab6e577bac5c19f04

    • SHA256

      d0e1f97dbe2d0af9342e64d460527b088d85f96d38b1d1d4aa610c0987dca745

    • SHA512

      8f04951f9efb5acdad0a625d9f63154089d552fe4281ca53a759cc0a0468b8d9c76af863e34ed6e00802225a4408bcda1110a6efce30357e6173973ea5bf7838

    • SSDEEP

      384:Q6UDg00MWEg9fPCPyH111/elBqhveoNHfn5yAehqbhtgyhdCxi556BjsbIwRq:QcMWE04uebyvNv5yHcttg6dwc5YQb5w

    Score
    4/10
    behavioral7behavioral8

    • Target

      tools/numbers-to-string.py

    • Size

      17KB

    • MD5

      d139e5574623629a158c7cbd0c47b6a6

    • SHA1

      5f6a403b2c0341d917a8e9c9ab84dc76fc9199b2

    • SHA256

      332822ca13b283da92f399ac407ab0a99ab18df32e5996cee9386be54ba8a225

    • SHA512

      1d4dfee764c3fc0b1d9041599654b6e6dc55df40ab96b0517654abc5bb74f6b707fac964946412ea03892a5d573e61435d958315528a7c0490adbf07ac78bf26

    • SSDEEP

      384:QFU0mcbIZyAFURaIZCYbthrkE8JrnutrZ9GjFa8B:yBmcbIZyAFerAE8tUEjFa8B

    Score
    1/10
    behavioral10behavioral11behavioral12behavioral9

    • Target

      oledump.py

    • Size

      100KB

    • MD5

      73216e54933df59ebcb3c121dc2bb2b3

    • SHA1

      2baa74630f14ce5837383c99c43d55728027d650

    • SHA256

      8902aaf410e4400728817162ce08106048ecb6a4a66a14ed7712426f9400b3d0

    • SHA512

      3ea24d5f3486411ac7ef7c3f443f667dd2c426bc4f42d001df19fef504246ea96ccd4756b7d87ebda6e051dee7def1ebb0a98ddc75ce2aa3d07755943cca6a61

    • SSDEEP

      768:YqGPmgclfTo/c/9FB9RtSUVt9NB9RtSPe1Du3wKHMVmA/CGm4qb+c5tQCOCgjD1Y:E7cJHVhjnQAdtdJ0bC/ZsR4HejU5qKkt

    Score
    1/10
    behavioral13behavioral14behavioral15behavioral16

    • Target

      plugin_biff.py

    • Size

      139KB

    • MD5

      d74fe593741147c60e2a3f7685a3699a

    • SHA1

      9a71d64062338971655e45f06a1dff5a4d599811

    • SHA256

      2031e6a7001c44532cbda669fed36218ceafd2bcc9c2f1458caf21a6e7b08547

    • SHA512

      76e6d4c412192799ac877fc1d3f5adb3f5c074bbce1a0e99c1abd567a0961b6bad6fc123cc1ee08dfba62b7a72c923db5221e05bf9d1c27e2c05c52a73378b52

    • SSDEEP

      1536:/LTuVCzjRet7e1/cX9p9v3BevapX4Rb7bm82lYRQQ8EotT68PllHGLoqDX1qHsG2:/zu9yb7bazjG0qD4K5q6pJwA2K

    Score
    1/10
    behavioral17behavioral18behavioral19behavioral20

    • Target

      plugin_clsid.py

    • Size

      1KB

    • MD5

      e7689a42210d83e7dd9ed36690e06067

    • SHA1

      d7237f8e606a61a77d2d9920838003a42c953695

    • SHA256

      04c0105d0fb3658d47ed73e8958029eaefc23fc9df6d9f53a70a1fb5e2defa07

    • SHA512

      9625bcd63fa28994169d6c8c5d431d719f9a11110a07387612cafe73a168a46d80dd9fdf28669ec2fcb98c4985c5e4e7fa17ed9f3ac13225286fad0c18c85407

    Score
    1/10
    behavioral21behavioral22behavioral23behavioral24

    • Target

      plugin_dridex.py

    • Size

      8KB

    • MD5

      8156ba189ffbfc5670cf2144d7c60402

    • SHA1

      9396e4650c5691ec94f57c96811599abfc3be6eb

    • SHA256

      abcdd7d762d083e381c8cc8f9b6ab30499fbd87430c4acb4a9805a14d7b91fdd

    • SHA512

      a27fcbce8ada58d820c308f63fa5c80a4898260beeba60af1c77426e43781e4ba847d7b4d417c3b62022a4640a106c83aa8b292c28a14ec0e15049fbfea52049

    • SSDEEP

      192:BW9kTWpO/21vZChCW43Z/sUH+DJoBSDI+uPDq2F9Dha08pWaGgWH:I988I2ChGiJ5czHJ8pWaGgWH

    Score
    1/10
    behavioral25behavioral26behavioral27behavioral28

    • Target

      plugin_hifo.py

    • Size

      864B

    • MD5

      e4fc3406928f74d0e023cd29d861caa5

    • SHA1

      d885483940c776fff0f971a86654117636e20bef

    • SHA256

      87a4855aca7e3d21219b88d1843386396afc94b6e8fd581d86f752110f760b49

    • SHA512

      b9d3839379868a187f323663ee24ab2603f2a2acf2819ce0cb46063cd92c344d1f009355b202a9a79696b0f2282a0e9e3f40741276c2d2b131dbec0c81fac866

    Score
    1/10
    behavioral29behavioral30behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

Query Registry

9
T1012

System Information Discovery

8
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks