General

  • Target

    c6c5b4ec107ed0e93ff1b8c9a3a1218e.rtf

  • Size

    95KB

  • Sample

    240802-pqlqks1eqd

  • MD5

    c6c5b4ec107ed0e93ff1b8c9a3a1218e

  • SHA1

    3abb8737f6c7b2a001b185654fa8f7a809d47804

  • SHA256

    bf890b70ac21f7f2d79a7a552c6a4d8411f19c6864352c0d22b3bfd9b0d39ed5

  • SHA512

    a88364ecf65ba77d4c5d16e55c0781d9e68491c9a9ced8e38eb2b6efe37aadba1c3410389a173e5f5638f8ca9dfce29fe0e8540328c8a29df4b8fe352961e44c

  • SSDEEP

    384:HTaD02BoAP6se7eYe/JiEo0gq6rIfdh4qyEdCh4cD4Q3ZVu4G6nxFDa:HTm02LNe7ePiEz7yllD4Q3ZVh0

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://servidorwindows.duckdns.org/Files/vbs.jpeg

exe.dropper

http://servidorwindows.duckdns.org/Files/vbs.jpeg

Targets

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks