General

  • Target

    aebf403b5cddd306587068a601e95d0b.bin

  • Size

    19KB

  • Sample

    240825-b4ebrs1gmg

  • MD5

    68cdc568f29ee9ff58506d237cfcfa3a

  • SHA1

    d514239ced8c829b08ffdcbe4a8e0247d84eafa2

  • SHA256

    41f470e0818f22c1b81f3de249dba3ff473878e087b1a2aa500169bc463fed54

  • SHA512

    1988411f43dadca4b59b31c123ed9a1f86d050d58a8933628d8d67cb8b8a871f005dfbb1a4c2904110e59aae8301782bb41048209ca5fab32bd1ff85809542e8

  • SSDEEP

    384:IvjNF2PUXAVkWx3imWiP73v7oopD5pVEDvHc01mQwNarqY3BCkAynlXLrS:IvZFoUK5imWiT/jh5pVEDBzwNvr86

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

    • Target

      d5c9ffe0379eaf8d85d979a912bb12708eb3114905c5f4019257fc64c007af41.rtf

    • Size

      83KB

    • MD5

      aebf403b5cddd306587068a601e95d0b

    • SHA1

      371fcd641067189024899d0aabe59b66255915e0

    • SHA256

      d5c9ffe0379eaf8d85d979a912bb12708eb3114905c5f4019257fc64c007af41

    • SHA512

      ba2d17f1bf011415218359adc63bdf33032faaf175e87f0b5626ab5b5e6287413417a867b3c61eb8af4e7ff65d0265447cc3a4a30ec57588aaeb750e2819840f

    • SSDEEP

      768:b8m17hRO9d/Osx/Fn/j/ULSy8Zmi4Jby8:b8i7MlZ/FTG8oi4r

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks