General

  • Target

    49bfe0d5f55746bf0ce5016fc4c179d3483dd96ed9175b7e60fb155b8c61b632.xlsx

  • Size

    332KB

  • Sample

    240814-lqc7navfrh

  • MD5

    87cc85777526d5b05b67f4b1466729a4

  • SHA1

    81ad91c53c67b0d800041cfa162fd16c4e420350

  • SHA256

    49bfe0d5f55746bf0ce5016fc4c179d3483dd96ed9175b7e60fb155b8c61b632

  • SHA512

    1f276ff57be75a73eb59a7b85faac182b1000ca7ce9e341178242e7e4f7e66efd3ac64f4f87f84a067f984e2270effe6281dd8d27f0ea977667bae73d56bb9b4

  • SSDEEP

    6144:srNORYBhJHw5ufziCNBmwtzRer7Zwbtong8+9JOnRuoU94bTQdSn:srN7bZ7iCWwtzoqUgmsoO4oE

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: http://servidorwindows.ddns.com.br/Files/vbs.jpeg

    exe.dropper: http://servidorwindows.ddns.com.br/Files/vbs.jpeg

Targets

    • Target

      49bfe0d5f55746bf0ce5016fc4c179d3483dd96ed9175b7e60fb155b8c61b632.xlsx
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Abuses OpenXML format to download file from external location

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks