General

  • Target

    2303511-EF135H51入厂验收控制计划-S.xls.zip

  • Size

    64KB

  • Sample

    240829-m2v3aazdkl

  • MD5

    68264114bfcc02b51cc43383e2b00fbe

  • SHA1

    282ce83531a10b3acb5858c55fe197f2dc43cd5f

  • SHA256

    23c1c640aaa6f5c7c8f348958b9455d9bfaca9f776f875df6d5eaec7b2488c3c

  • SHA512

    15a773cdf7cd1e1b7e7f3e096189d5765fc64b2a83ba23be56f029fb9abcc26843209b28cab3b3fa09dfa960483d2b0543687f7fa3a81f285b76827fd63fd8f5

  • SSDEEP

    1536:OfRJ7Kdfoofw9gRP/JEMudyRlgZSqMQXrep36k+C:OfRGfnwqRZ7cAaZT9XSpL+C

Targets

    • Target

      ac761aaea484eb231e2a6790bac90a61

    • Size

      179KB

    • MD5

      ac761aaea484eb231e2a6790bac90a61

    • SHA1

      d91095a5cb1b066a839a45ec3547f05ce399030f

    • SHA256

      dff37d336d51bfbc53d3022e68457d72b5450caedd2730f6a1b8e027d63f5113

    • SHA512

      3c74669919366971831d1df00a7a5bfd6fe32bc9f52924062bd47557503bd75da0a5020d9cc741226a8d0e62d24f58ad908e8cfd7cd41b35b7af0f3452c36412

    • SSDEEP

      3072:zYVUpjDqF+wRj/eA05iisqKLzlZ/cB7e7+0t5sQ39MK2HczuRivfmhAUsNYhLJbP:0VUpjDqF+wRj/eA05iisqKLzlZ/cB7/V

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15
