82723f1b548766a4f549f45cd1342addc50c4a5706c8ffb8e4554f724dc7ac52 | Triage

Sharing

General

Target

Solicitud de oferta.xlsx.zip
Size

221KB
Sample

240516-rsz24aha3y
MD5

a471f9af965a004c2d92f09fd13198aa
SHA1

384726f8af5ea6abcca388c014d1e6eaaec7999b
SHA256

82723f1b548766a4f549f45cd1342addc50c4a5706c8ffb8e4554f724dc7ac52
SHA512

b9e27a9d1172795f5ceaf112be88042b664e8e19f1974a8fc319aae7929416b42635fe778a8e62ba38c3c941232ca07ea3dbe6d9ef7f4d8679f13f26a8856ca6
SSDEEP

6144:64AA8oiA4jBCE1bX+shR+pQMeP4fjEe89iCe:64Ok4jBCkz/hRYQMS1eAxe

Score

8^/10

Malware Config

Targets

- Target
  
  Solicitud de oferta.xlsx.vbs
- Size
  
  429KB
- MD5
  
  9a509f7b5c066681e30a9f0d460375e3
- SHA1
  
  1de410352842ad3e9564579ad311ccfc1892cb91
- SHA256
  
  3d20bb55c63e72fe100bd9b8a8731fe4940b39091f3c8d4812cd456f0a47c459
- SHA512
  
  b3115fc12c6538130fa941c36b3427c68b43f85b9698769c0d44c70e66129429fda9e4743918ce9259a206dd8483edcefc12face45e31e2c9c4b5736e1ac6ffa
- SSDEEP
  
  12288:1iJv0ayfOb64MRycngoavbN0vBrbelwuL:1IvBCngoKyYau
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2