General

  • Target

    BAH.xls

  • Size

    134KB

  • Sample

    240822-23yxwsvdnn

  • MD5

    4fb20070ef46f4896c7aca0262e18ce6

  • SHA1

    c3b5d217932b4f2c3ce765691103b14f1a4520e8

  • SHA256

    c433439befa9874ea6532f43760bfaf3ff5f76716229996c111b21e5b1641a7d

  • SHA512

    6d5221345d0d6e9520e996cd087aca43ce061256d1a908dc1e956c9440218b75322c15d71857bb869dfa2c1213a1872e0bb702da01ef47271f3d785200690987

  • SSDEEP

    3072:NcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dg4Gx0G:NcKoSsxzNDZLDZjlbR868O8KlVH3jehn

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    Type         URL
    exe.dropper  http://tastedonline.com/cgi-bin/14Lg3P2Dt3rqBmaYZO/
    exe.dropper  http://store.anicyber.com/wp-content/0JIWtpJt681mQ/
    exe.dropper  http://jeffreylubin.igclout.com/wp-admin/gJ5oDbi/
    exe.dropper  https://dulichkhampha24.net/wp-content/rPThO/
    exe.dropper  http://dev.learncaraudio.com/wp-admin/ZIwWVcNiED4JYqnq/
    exe.dropper  http://karensgardentips.com/cgi-bin/w9i3PIVDOJDeF095ST/
    exe.dropper  http://stancewheels.com/wp-admin/ur031GNgTubBSslqN/
    exe.dropper  http://laohange.com/wp-content/brPqH/
    exe.dropper  http://139.99.89.211/wp-admin/VM1HRb3b0MGGdp/
    exe.dropper  http://onexone.elementor.cloud/cdrxhrt/632SFiWmT1Y/
    exe.dropper  https://lastregaristorante.com/wp-admin/vkXFRVu/
    exe.dropper  http://sellin.app/wp-admin/0W4AcWvFkHkV/
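
The twelve exe.dropper URLs above are the next-stage download locations recovered from the PowerShell (ps1) config; a script of this kind normally walks such a list until one host serves the payload. Almost all of them sit under wp-admin, wp-content or cgi-bin paths on what look like compromised legitimate sites, so a host-only block is noisy; the directory path is the stronger indicator. The following is an added example, not part of the sandbox report, that normalises the report's URL list into IOCs and grades proxy-log requests against them. The log lines are constructed for the example, and the three match levels (url, path, host) are this example's own convention.

```python
"""Turn the exe.dropper URLs from the report into IOCs and match proxy traffic
against them.  Added example, not part of the sandbox report: the URL list is
copied from the report, the log lines are constructed, and the match levels are
this example's own convention."""
import ipaddress
from urllib.parse import urlsplit

# The exe.dropper URLs as listed in the report's Malware Config section.
DROPPER_URLS = [
    "http://tastedonline.com/cgi-bin/14Lg3P2Dt3rqBmaYZO/",
    "http://store.anicyber.com/wp-content/0JIWtpJt681mQ/",
    "http://jeffreylubin.igclout.com/wp-admin/gJ5oDbi/",
    "https://dulichkhampha24.net/wp-content/rPThO/",
    "http://dev.learncaraudio.com/wp-admin/ZIwWVcNiED4JYqnq/",
    "http://karensgardentips.com/cgi-bin/w9i3PIVDOJDeF095ST/",
    "http://stancewheels.com/wp-admin/ur031GNgTubBSslqN/",
    "http://laohange.com/wp-content/brPqH/",
    "http://139.99.89.211/wp-admin/VM1HRb3b0MGGdp/",
    "http://onexone.elementor.cloud/cdrxhrt/632SFiWmT1Y/",
    "https://lastregaristorante.com/wp-admin/vkXFRVu/",
    "http://sellin.app/wp-admin/0W4AcWvFkHkV/",
]

# Constructed proxy log lines (not from the report): timestamp client method url status.
SAMPLE_PROXY_LOG = [
    "2024-08-22T10:00:01Z 10.0.0.15 GET http://store.anicyber.com/wp-content/0JIWtpJt681mQ/ 200",
    "2024-08-22T10:00:02Z 10.0.0.15 GET http://139.99.89.211/wp-admin/VM1HRb3b0MGGdp/x1k2.dll 200",
    "2024-08-22T10:05:13Z 10.0.0.22 GET https://dulichkhampha24.net/wp-content/uploads/2024/logo.png 200",
    "2024-08-22T10:06:00Z 10.0.0.22 GET https://example.com/index.html 200",
]

# Strength of a match: exact URL > same directory path > same host only.
RANK = {"url": 3, "path": 2, "host": 1}


def parse_iocs(urls):
    """Split each URL into scheme, host and path, and note bare-IP hosts."""
    iocs = []
    for u in urls:
        p = urlsplit(u)
        host = p.hostname
        try:
            ipaddress.ip_address(host)
            is_ip = True
        except ValueError:
            is_ip = False
        iocs.append({"url": u, "scheme": p.scheme, "host": host,
                     "path": p.path, "is_ip": is_ip})
    return iocs


def host_blocklist(iocs):
    """Deduplicated host list, for a DNS/proxy blocklist."""
    return sorted({i["host"] for i in iocs})


def classify_request(url, iocs):
    """Return the strongest match level for one requested URL, or None."""
    p = urlsplit(url)
    host, path = p.hostname or "", p.path or "/"
    best = None
    for ioc in iocs:
        if host != ioc["host"]:
            continue
        if p.scheme == ioc["scheme"] and path == ioc["path"]:
            level = "url"
        elif path.startswith(ioc["path"]):
            level = "path"   # same dropper directory, e.g. the file under it
        else:
            level = "host"   # same (likely compromised) site, unrelated path
        if best is None or RANK[level] > RANK[best]:
            best = level
    return best


def scan_proxy_log(lines, iocs):
    """Return (line number, match level, url) for every line that hits an IOC."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        level = classify_request(fields[3], iocs)
        if level:
            hits.append((n, level, fields[3]))
    return hits


if __name__ == "__main__":
    iocs = parse_iocs(DROPPER_URLS)
    print(f"{len(host_blocklist(iocs))} hosts, "
          f"{sum(i['is_ip'] for i in iocs)} bare IP literal")
    for n, level, url in scan_proxy_log(SAMPLE_PROXY_LOG, iocs):
        print(f"line {n}: {level:4s} {url}")
```

Run it and the first two constructed lines come back as `url` and `path` hits (the second is a download from the same dropper directory), while the third is only a `host` hit against a site that is probably a compromised legitimate WordPress install and should be triaged, not blocked outright.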

Targets

    • Target

      BAH.xls

    • Size

      134KB

    • MD5

      4fb20070ef46f4896c7aca0262e18ce6

    • SHA1

      c3b5d217932b4f2c3ce765691103b14f1a4520e8

    • SHA256

      c433439befa9874ea6532f43760bfaf3ff5f76716229996c111b21e5b1641a7d

    • SHA512

      6d5221345d0d6e9520e996cd087aca43ce061256d1a908dc1e956c9440218b75322c15d71857bb869dfa2c1213a1872e0bb702da01ef47271f3d785200690987

    • SSDEEP

      3072:NcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dg4Gx0G:NcKoSsxzNDZLDZjlbR868O8KlVH3jehn

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
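
The two signatures above describe a parent/child relationship (an Office document spawning a process it should not) and an outbound connection from a process on a blocklist. The following is an added example, not part of the sandbox report, of the same two checks run over constructed Sysmon-style process telemetry and correlated into a single chain alert. The event records, the Office/script-host/blocklist process sets and the command lines are this example's own assumptions, not the sandbox's rules; only the BAH.xls filename comes from the report.

```python
"""Detection logic for the report's two signatures over constructed process
telemetry.  Added example, not part of the sandbox report: the events, the
process lists and the command lines are this example's own assumptions."""

# Parents that should not be launching script hosts (example's own list).
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Children an Office app essentially never starts during normal document use.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Processes whose outbound connections warrant an alert on a workstation.
NETWORK_BLOCKLIST = SCRIPT_HOSTS - {"cmd.exe"}

EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed Sysmon-style records: id 1 = process create, id 3 = network connect.
# Assumed to be in time order, as a live event stream would be.
EVENTS = [
    {"id": 1, "pid": 4120, "image": EXCEL, "ppid": 812, "parent_image": EXPLORER,
     "cmdline": '"EXCEL.EXE" C:\\Users\\user\\Downloads\\BAH.xls'},
    {"id": 1, "pid": 5008, "image": POWERSHELL, "ppid": 4120, "parent_image": EXCEL,
     "cmdline": "powershell.exe -w hidden -ep bypass"},
    {"id": 3, "pid": 5008, "image": POWERSHELL, "dst_ip": "139.99.89.211", "dst_port": 80},
    {"id": 1, "pid": 6100, "image": r"C:\Windows\System32\notepad.exe", "ppid": 812,
     "parent_image": EXPLORER, "cmdline": "notepad.exe"},
    {"id": 3, "pid": 7200, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "203.0.113.5", "dst_port": 443},
]


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def run_detections(events):
    """Apply both signature rules and correlate them into a chain alert.

    Returns a list of alert dicts with keys rule, pid, detail."""
    alerts = []
    flagged_children = {}  # pid -> create event that tripped the parent/child rule
    for e in events:
        if e["id"] == 1:
            parent, child = image_name(e["parent_image"]), image_name(e["image"])
            if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
                flagged_children[e["pid"]] = e
                alerts.append({"rule": "unexpected_child_process", "pid": e["pid"],
                               "detail": f"{parent} -> {child}: {e['cmdline']}"})
        elif e["id"] == 3:
            proc = image_name(e["image"])
            if proc in NETWORK_BLOCKLIST:
                alerts.append({"rule": "blocklisted_process_network", "pid": e["pid"],
                               "detail": f"{proc} -> {e['dst_ip']}:{e['dst_port']}"})
                # Both rules on the same process: Office -> script host -> network.
                if e["pid"] in flagged_children:
                    creator = flagged_children[e["pid"]]
                    alerts.append({"rule": "office_to_network_chain", "pid": e["pid"],
                                   "detail": f"{image_name(creator['parent_image'])} spawned "
                                             f"{proc}, which connected to {e['dst_ip']}"})
    return alerts


if __name__ == "__main__":
    for a in run_detections(EVENTS):
        print(f"{a['rule']:28s} pid={a['pid']} {a['detail']}")
```

On the constructed stream the notepad launch and the browser connection produce nothing, while the PowerShell process trips both rules and the chain rule. Keying the correlation on the PID is adequate for a short example; on real telemetry key it on the process GUID, since PIDs are reused.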

MITRE ATT&CK Enterprise v15

Tasks