c5539e4f4d7e3782803b07d8524b2a40bbd5327736672b091c88067e17896239

General

Target

Boleta de citación juridica.msg
Size

315KB
Sample

240523-adjywseb3z
MD5

e836fb1f96c40711caf7cf99ad833369
SHA1

ffa515bf1b036a959d57e1c70dad202e0c8ddf7d
SHA256

c5539e4f4d7e3782803b07d8524b2a40bbd5327736672b091c88067e17896239
SHA512

66ec28c9d8bb73f0364fa3ca3837d17b5224df5019fb4f34047ff2816f7538c6f2b791c5ef4a22e97c7b5bfb463f920048d18d442fa8ab3d854c5a6d44706b4f
SSDEEP

3072:dDEPM1LzJxsweUyGUuthvv0F8Tr6wmM79kUwafYZMTwZfZZZpiZ98TyOZlqCWusy:+MZoyWZ

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/1242508203355537532/1242929653728022528/ooCrpted.vbs?ex=664f9ff1&is=664e4e71&hm=e1d15030e50fd3b49e5e8cb9c48f63314af0b12c8ff157e2cfa09612ea4def1f&

Targets

- Target
  
  Boleta de citación juridica.msg
- Size
  
  315KB
- MD5
  
  e836fb1f96c40711caf7cf99ad833369
- SHA1
  
  ffa515bf1b036a959d57e1c70dad202e0c8ddf7d
- SHA256
  
  c5539e4f4d7e3782803b07d8524b2a40bbd5327736672b091c88067e17896239
- SHA512
  
  66ec28c9d8bb73f0364fa3ca3837d17b5224df5019fb4f34047ff2816f7538c6f2b791c5ef4a22e97c7b5bfb463f920048d18d442fa8ab3d854c5a6d44706b4f
- SSDEEP
  
  3072:dDEPM1LzJxsweUyGUuthvv0F8Tr6wmM79kUwafYZMTwZfZZZpiZ98TyOZlqCWusy:+MZoyWZ
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2