771abb2dd9d45565687b372c7049a18779b3f4de35b216709eb3aae06f360561 | Triage

Sharing

General

Target

771abb2dd9d45565687b372c7049a18779b3f4de35b216709eb3aae06f360561.rtf
Size

102KB
Sample

240814-l6ytaswepa
MD5

14063e76ac284744cb2ba86de57b9072
SHA1

a7ea877406729bac83e279d20b85c33e3a88de63
SHA256

771abb2dd9d45565687b372c7049a18779b3f4de35b216709eb3aae06f360561
SHA512

8e897b37ee6cce03b20baff610030bf31416030b34dd741e8df8a7ca90d11b91e80f751777d7573f69d889901d9068d9706805f2787833c341695b4a1607e7dd
SSDEEP

384:WsV+hXw+JmOJAyIIZhplwh0zl7t4M9o24Ji9icNHS08r79qdpHP1u9kMg23G9UmX:IXwaAyP4hwBDXBfJ8rizu9rgtUmoIcI

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://servidorwindows.ddns.com.br/Files/vbs.jpeg

exe.dropper

http://servidorwindows.ddns.com.br/Files/vbs.jpeg

Targets

- Target
  
  771abb2dd9d45565687b372c7049a18779b3f4de35b216709eb3aae06f360561.rtf
- Size
  
  102KB
- MD5
  
  14063e76ac284744cb2ba86de57b9072
- SHA1
  
  a7ea877406729bac83e279d20b85c33e3a88de63
- SHA256
  
  771abb2dd9d45565687b372c7049a18779b3f4de35b216709eb3aae06f360561
- SHA512
  
  8e897b37ee6cce03b20baff610030bf31416030b34dd741e8df8a7ca90d11b91e80f751777d7573f69d889901d9068d9706805f2787833c341695b4a1607e7dd
- SSDEEP
  
  384:WsV+hXw+JmOJAyIIZhplwh0zl7t4M9o24Ji9icNHS08r79qdpHP1u9kMg23G9UmX:IXwaAyP4hwBDXBfJ8rizu9rgtUmoIcI
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2