General

  • Target

    citat05012024.xla

  • Size

    239KB

  • Sample

    240501-mazldsce9x

  • MD5

    722ac4b46a0f9c509d4ca3643811f4c6

  • SHA1

    190c095d6d24a432530ea70d9dc0462bb0d4c6bb

  • SHA256

    05ff333a58934cbaa1c251c604fa9dd35cfcb27570a8da931a0fb3e249528ded

  • SHA512

    fe9f80783b2771370ad7f28b2c16c0a132500d98893c4fd01f650a14be7039181e6b76517dfb86b99e236b3b652e0f7c61b4514fa8f56d7ec7bb32a5bb49d3d1

  • SSDEEP

    6144:1d4UcLe0JOqPQZR8MDdATCR3tSv0W8O0U/FQ95IQmefyBfN:QUP/qPQZR8MxAm/S8W8MdQ22yNN

Score
8/10

Malware Config

Targets

    • Target

      citat05012024.xla

    Score
    8/10
    • Blocklisted process makes network request

    • Abuses OpenXML format to download file from external location

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks