General

  • Target

    Solicitud de oferta.xlsx.zip

  • Size

    221KB

  • Sample

    240516-rsz24aha3y

  • MD5

    a471f9af965a004c2d92f09fd13198aa

  • SHA1

    384726f8af5ea6abcca388c014d1e6eaaec7999b

  • SHA256

    82723f1b548766a4f549f45cd1342addc50c4a5706c8ffb8e4554f724dc7ac52

  • SHA512

    b9e27a9d1172795f5ceaf112be88042b664e8e19f1974a8fc319aae7929416b42635fe778a8e62ba38c3c941232ca07ea3dbe6d9ef7f4d8679f13f26a8856ca6

  • SSDEEP

    6144:64AA8oiA4jBCE1bX+shR+pQMeP4fjEe89iCe:64Ok4jBCkz/hRYQMS1eAxe

Score
8/10

Malware Config

Targets

    • Target

      Solicitud de oferta.xlsx.vbs

    • Size

      429KB

    • MD5

      9a509f7b5c066681e30a9f0d460375e3

    • SHA1

      1de410352842ad3e9564579ad311ccfc1892cb91

    • SHA256

      3d20bb55c63e72fe100bd9b8a8731fe4940b39091f3c8d4812cd456f0a47c459

    • SHA512

      b3115fc12c6538130fa941c36b3427c68b43f85b9698769c0d44c70e66129429fda9e4743918ce9259a206dd8483edcefc12face45e31e2c9c4b5736e1ac6ffa

    • SSDEEP

      12288:1iJv0ayfOb64MRycngoavbN0vBrbelwuL:1IvBCngoKyYau

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2
