General

  • Target

    61b061a48eb132e15884e4b53cf0401f.bin

  • Size

    19KB

  • Sample

    240829-bl7wcswepb

  • MD5

    b3a78c9f532de4227cd435fe5fe48844

  • SHA1

    cdcd8210a75fcb93363e6269154c139f9ffc67ba

  • SHA256

    ba296aa6091ebd264a04676834bc32841307e9176f814b703b255ede301a524b

  • SHA512

    839fbdd1de748a9947ec6e172ad742de74bdff68dd09daf0b1d408359c99e9dfcb17ad9fc0a4e35dee17615f74340e4d73575000c30f19038208d89a29ae436e

  • SSDEEP

    384:3SQSgu1vW/tBlXuXmLW7YmiwgWkHvWf+ly1r8c84LwygvlRvmt9HIWiDPTP:3WxezzLysekPWfPr8c84fgvfvmSP

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (Deobfuscated)

  • URLs

    ps1.dropper: https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

    exe.dropper: https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

    • Target

      0df947fb97839a1ad407667df1c19b277db26fde3954e6109ce70202102184d3.rtf

    • Size

      83KB

    • MD5

      61b061a48eb132e15884e4b53cf0401f

    • SHA1

      0a8dfe6c53dd529299be6596b4fd0dad2e7aadc0

    • SHA256

      0df947fb97839a1ad407667df1c19b277db26fde3954e6109ce70202102184d3

    • SHA512

      5a1dc1b710942d267bf1fd68b9263e98772bb05349d3e6b77dfaeb5d84ebc544643dbedbe1fd5a9f1cf3221eae55b0a71df64c3c962fa0875bcbdbebfa7a5083

    • SSDEEP

      768:yVeODj00VpwJYMEIKPalpyL+/9po1piuf:seOVVeJHEVilpyLyo14uf

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Drops file in System32 directory
