48d75213df96f594a6d84b0c9346338d7569ff5a9558174998dca5f2f43919af

Sharing

Copy URL

Twitter E-mail

General

Target

OFFICE2016full.rar
Size

707.6MB
Sample

240423-2zd4bacf73
MD5

4565f1e4d83fc33f7649c25ab141ce62
SHA1

a6bcde7a20720046e791c6aa23437a6892d99bcc
SHA256

48d75213df96f594a6d84b0c9346338d7569ff5a9558174998dca5f2f43919af
SHA512

2aa738cd596c29ad0f07bcaa4bd0cef9f71acd738a34fc7e6f0a5d80f3b2cab6177f284239ae13d05dc36a21ad94f303acb754d006bf6e11f70b756441b67d8d
SSDEEP

12582912:24dcvVUv7hsAF4ShSUcGBFuhnhKs2YWZgtEbObxtjFz5bWFyLYl6MIy+MA:37WAF4S8NhnQFY5tEaxtxz5uog+MA

Score

8^/10

macro macro_on_action

Malware Config

Targets

- Target
  
  OFFICE2016/access.es-es/accessmui.msi
- Size
  
  2.3MB
- MD5
  
  98ef1950d6bb20c2f2295f748d955d33
- SHA1
  
  77354d86de152b784e0874378e6a0c1926c5b0b8
- SHA256
  
  cda2daa7883bf165df5b28ab39a88775f115f5eb3186d838a59284d7dca84e1e
- SHA512
  
  6aa11d19ae305f331894828db20b131ef0ad0ed2183f6444dc9a97451faef70fd5730e3d7eb14ef407dc07709e2b69e9b9fa174111c41d506275e219a4292c3c
- SSDEEP
  
  49152:JhIu+svi4ut1yFXyzEKqle+93GwtF2Vb1eksj:JhIuFvPut1WKM3Gw7Yb
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  OFFICE2016/admin/en-us/octres.dll
- Size
  
  408KB
- MD5
  
  c3cfb928cf7bb5e099c8d0db7a5a67fd
- SHA1
  
  07589be09ddeb2ee20123e2317937fc97f5cccc1
- SHA256
  
  f805d276ff30e48639e0d5d0888fc618dd75c3fefae7b2aaeb08c7ce250ccaa0
- SHA512
  
  bead455b8e198ee026d64c87f5b329476ab9be0e5ba482c4543c7d0b4c65d5386c1bf6b225a15852468e7d1723377e069742c78280601f7ffc79ed459215d812
- SSDEEP
  
  3072:t2Gh8/0D7UGIPCDT3iek/o3Dt0em/9oDhNMKEY4blS6Fx:t337nhP3iN/o6FonMl
Score

1^/10
behavioral3 behavioral4
- Target
  
  OFFICE2016/admin/es-es/octres.dll
- Size
  
  427KB
- MD5
  
  3f6cc50e93f4250c7ec39befa6928140
- SHA1
  
  18e2e14a1c939a454ba1b8ae3b59666ba569d03d
- SHA256
  
  aa18b5c078c224764033e5027f74f30c6b806654b3342c30bc5cad8d207152db
- SHA512
  
  7f064164e7ed9888f0a8cdab26166aff3d9568e175ee979590cb82bc51bab28324dc844e8d75f7bc8534f8f09e80c66f595382bb87e072bca5cbae3eac067cdf
- SSDEEP
  
  3072:Z2Gh8/0D7UGIPCDT3iek/o3Dt0em/v9Ds5pl89Q0WXX:Z337nhP3iN/o6G5pl89Qt
Score

1^/10
behavioral5 behavioral6
- Target
  
  OFFICE2016/admin/fr-fr/octres.dll
- Size
  
  429KB
- MD5
  
  7e2b2e8b6d6b7938d61a674b0309048d
- SHA1
  
  707639967c5acf35f0285bdeb32c5440ada55dbe
- SHA256
  
  5f419b049f6b6fae302814140ff4652342001f2b889da4b8ff6b27a7f9d62521
- SHA512
  
  3f459db6f29ce04ecab57b1d4261ca2fc873934eabae1c021916c3186f7b08fac21b1a59863cc1a556d5d6df054e4f8957cb959ad80402ec6aa03ee1dedd3f00
- SSDEEP
  
  3072:Y2Gh8/0D7UGIPCDT3iek/o3Dt0em/JUmqORZ9mhT:Y337nhP3iN/o6OOM
Score

1^/10
behavioral7 behavioral8
- Target
  
  OFFICE2016/admin/it-it/octres.dll
- Size
  
  424KB
- MD5
  
  a3c3e9b10d76bbf5168fa1a3ee692e7b
- SHA1
  
  339756125f76406489c47fc5ec9cb1e8935006cc
- SHA256
  
  3b06820ed15a631c1577d1cafc9e2b8cf60283dd1d943d1a3e3869a2f5b4b6ff
- SHA512
  
  27fa768a8be6ee22be3b63295d4cb9e63ca6f971bcdf801f09a8c11d3530d296022ede4f60b8565246282e4791fd176d8cfa61463a3c03a03bd6411343123288
- SSDEEP
  
  3072:N2Gh8/0D7UGIPCDT3iek/o3Dt0em/ovOA3qIX68egLJXgT91L2cq:N337nhP3iN/o6t8e4
Score

1^/10
behavioral10 behavioral9
- Target
  
  OFFICE2016/admin/ja-jp/octres.dll
- Size
  
  390KB
- MD5
  
  c90a6cf0e21e59a5b9f66b4cf4e341b3
- SHA1
  
  94ea2f0d3b8468e27b6f10d2924cd49e82047921
- SHA256
  
  41b91c3dd42ccce7273dd73d62cec8f7b12613582f4229c3a99efa5a0e734ad5
- SHA512
  
  99b429ded65011927861901f927a5508218fed7cdd83aa30e52cb52ccbce614249a60515f72741978bba801a2d80111ccfa38126f61457aa3db6e2a170015fed
- SSDEEP
  
  3072:a2Gh8/0D7UGIPCDT3iek/o3Dt0em/+SJq8fxEOoCh87j:a337nhP3iN/o6WEEOoe4
Score

1^/10
behavioral11 behavioral12
- Target
  
  OFFICE2016/admin/oct.dll
- Size
  
  4.8MB
- MD5
  
  218cf4adced2c05d969563cbc483510a
- SHA1
  
  8e52ff08de41440218423149d2aad6873295380b
- SHA256
  
  cc8e03eb9dd7b89b92b7e60d59478c6a7697e825438290de8aa6acc02bab0174
- SHA512
  
  7468e47bb11a64036fa6afb7a1236ca69aa8c203881fecaae5af78fa6d9dd23045911cb24820a3a1318c835656dcd90f586060d453a02925d6b6137c979f68e8
- SSDEEP
  
  49152:G1Foq7ClKhuTe6A42iMXwTJMUI/VO/dLZwUziV5T31R1ayMJY4F8OTF+0:G1F+KUe6DIQ/biPcY8
Score

3^/10
behavioral13 behavioral14
- Target
  
  OFFICE2016/admin/octca.dll
- Size
  
  124KB
- MD5
  
  8362426e1c47489ab141db1f52e2e4b6
- SHA1
  
  1a4f7eb0d3f9f0ea74b477f75bbb7fc07f83f7e5
- SHA256
  
  fba05af9a65969f28d0d02fe01feb0af432c9eea38e00e33cfd4676a2ec5a43e
- SHA512
  
  47fe87a1674fdca65deffbc3b29b2c0642351e26f17b370912f216e29daaedab7140b3ef830616cc43426acda1c58669f170ecb2811a503c3fed5efe13370ce5
- SSDEEP
  
  3072:gpjd7gDeiv4uMfoVszU0FyvX62NFVlAYl8L4ZzP:OgDexuEzU0Sl1g4ZD
Score

1^/10
behavioral15 behavioral16
- Target
  
  OFFICE2016/admin/pt-br/octres.dll
- Size
  
  421KB
- MD5
  
  2eadfe4084f9a34c2b3e265dbf9e2058
- SHA1
  
  75c615fa9420016462583310a9f331c09d4e6178
- SHA256
  
  a1efb27c2fd8e2e552e88d623ce7847132c42fbb5e4f6082d900f7a42764781d
- SHA512
  
  5b00946f9464f7b7f07c952f799ec821e63397aab9ac250a23930ff84da3544bd2a3ccb476cbbb4d73d51303edfb0f8c84b55c2dae054038c88680399fcdbf79
- SSDEEP
  
  3072:N+2Gh8/0D7UGIPCDT3iek/o3Dt0em/q9QgXLsyA9AFmZ8sLnUea:N+337nhP3iN/o65dU
Score

1^/10
behavioral17 behavioral18
- Target
  
  OFFICE2016/admin/ru-ru/octres.dll
- Size
  
  419KB
- MD5
  
  ba9037f5defddf7d6ab69fb288c66921
- SHA1
  
  6df93d364455458652b1175b80b65406e81eb7b5
- SHA256
  
  b7b7a7be5bbf62e9973bf2040af920d0378613f39a98dc2325abb4e9de7d9e0c
- SHA512
  
  959b5cdd88d237ce3bdf9462ca409fef84530b4724761641efc8109e89f427956cbe3e2c7ff127b7250fd74d954e4a77fe1333fe222b0a9079b59b9287c3bbf9
- SSDEEP
  
  3072:n2Gh8/0D7UGIPCDT3iek/o3Dt0em/QckeNPhvlP:n337nhP3iN/o6TPht
Score

1^/10
behavioral19 behavioral20
- Target
  
  OFFICE2016/admin/zh-cn/octres.dll
- Size
  
  378KB
- MD5
  
  1ff26b0c65c29c8cb53b28299b8349e6
- SHA1
  
  3e80bc2340938bf6d33e9c4f20dcfe9429b346e3
- SHA256
  
  da34e222b069dd035ee8732a2b1417c5a6e0227b2fc81cdf647c68fe912f230e
- SHA512
  
  8a924f253c50140f4a906529a2ca9dddd3e67b9daf9866e6a628fb44482664c0d75c2a8232289db887a42ffe891ddd0d759f2db26f49b483cd30caab08d3f30e
- SSDEEP
  
  3072:c2Gh8/0D7UGIPCDT3iek/o3Dt0em/t5TllNUECyqE:c337nhP3iN/o6zllNUECG
Score

1^/10
behavioral21 behavioral22
- Target
  
  OFFICE2016/admin/zh-tw/octres.dll
- Size
  
  379KB
- MD5
  
  c9499bee426df7234382d78edd4b7ada
- SHA1
  
  b9b501da42ae69d1fe1dca67b5dd7e04c82e12d5
- SHA256
  
  dc2d2c29eca34965ab3b788d1956ca1aa5b19b45e5410127d1d12b99cbffe124
- SHA512
  
  f167cc7abdca9986911c7cdee5864d76931277f19de47e7c85b1d05e63b461884743f3cede3955a37a5fb7389d41ffb23f6ad38d6173de8644578a08ed44b0d2
- SSDEEP
  
  3072:Vc2Gh8/0D7UGIPCDT3iek/o3Dt0em/hCJTpoaz3/C:C337nhP3iN/o6JCop
Score

1^/10
behavioral23 behavioral24
- Target
  
  OFFICE2016/dcf.es-es/dcfmui.msi
- Size
  
  2.3MB
- MD5
  
  a0543b894c018380cc5e868f3f168069
- SHA1
  
  583ec7da66ba57ba1fb4415380259614117e74ae
- SHA256
  
  42de4102487e0ca49c4968f1109ba98abb970600eda32ac0eb11e489bd9fb8d0
- SHA512
  
  c51e9ff337a37a593dbc91a34de66d16a045862f0d735c8dea65fb8885ce9f21bb55940643315a357a56de5db4a2de41571d44fef073b7cd93bd715ea32bc932
- SSDEEP
  
  49152:IhIu+svi4ut1yFXyzEKqle+93GwtF2VbIPk9u:IhIuFvPut1WKM3Gw7Yb
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral25 behavioral26
- Target
  
  OFFICE2016/excel.es-es/excelmui.msi
- Size
  
  2.3MB
- MD5
  
  7929ced90a0ae0bc555008de48126723
- SHA1
  
  364d7b13c9e61221e6f8e427329656d85790d10c
- SHA256
  
  1fb86adb56d0b0a13dc974f82673ffdea4021c9c2210bfd97d9aa87b873d84b8
- SHA512
  
  808cb914c3d826f379ab59c7aa787dc088e4246e84885b0edb73967fe21ea283b87f7baeabed00a63eba8b25ce72b678c0137cc5c1eeb31edd1f6cad58acccbb
- SSDEEP
  
  49152:fhIu+svi4ut1yFXyzEKqle+93GwtF2Vb+kbo:fhIuFvPut1WKM3Gw7Yb
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral27 behavioral28
- Target
  
  OFFICE2016/groove.es-es/groovemui.msi
- Size
  
  2.3MB
- MD5
  
  e50796bc085e0be45df6f0f61819ac16
- SHA1
  
  cd7d5515646fb357e879def013d2ff49149c6a90
- SHA256
  
  8c0411e735d2e7feb7b6000bb572f5c2b7dba6b5eb88f4507687812c9400f823
- SHA512
  
  c9d804399ef5a7d54c50a09905d10383eb89b4726b95fafe84d03633ea50062db575afb337cf810ca3fa13a0d7fb42647bcb17b728b6244b3e8e1dc3db88a0b2
- SSDEEP
  
  49152:ZhIu+svi4ut1yFXyzEKqle+93GwtF2VbJPkXt:ZhIuFvPut1WKM3Gw7Yb
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral29 behavioral30
- Target
  
  OFFICE2016/leame.htm
- Size
  
  386B
- MD5
  
  c898250d7be1658510152484cc8dd668
- SHA1
  
  b6b227b6408cc87013eac5486578bdd751584c07
- SHA256
  
  ffba0c0174e7c08a9f517a5099072bc98eae74b0f35466e11843c3b997bc16c9
- SHA512
  
  a2edd14341bdcac864b437d54d8f80b760f052f95b8d2d5b48866dfd57b8d39208e93b0774f33b74a2e9578e7357068fb795d98e137b0dda01b1ee2439bf1ea9
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Enumerates connected drives

Enumerates connected drives

Enumerates connected drives

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32