55ba7cdf4f44829fb470c66da2e831fe28596a2fcc33b74c0f8f6117786af040 | Triage

Sharing

General

Target

f31ba8351265a427efdf3b2d24ec6fab.rtf
Size

97KB
Sample

241009-qnepxsvgrk
MD5

f31ba8351265a427efdf3b2d24ec6fab
SHA1

0dc5a1c62306ff5e581a15408edc7ea15433a6d2
SHA256

55ba7cdf4f44829fb470c66da2e831fe28596a2fcc33b74c0f8f6117786af040
SHA512

1d70947a6fd849db0df28e79ed830a40355c569b4a89cf7e135deed8077f9089f5f4d3f61ea416537895204e24abf2fcc11406385e600d8410e349a1d06ffd20
SSDEEP

768:uUz5t/tJy06YV+K2IzBG3ZuE6dHscUgoFixYv9bqsRe:u4Zz4Y4zPJuLdHscUgiixa2

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://ia600102.us.archive.org/32/items/detah-note-v_202410/DetahNote_V.jpg%20

exe.dropper

https://ia600102.us.archive.org/32/items/detah-note-v_202410/DetahNote_V.jpg%20

Targets

- Target
  
  f31ba8351265a427efdf3b2d24ec6fab.rtf
- Size
  
  97KB
- MD5
  
  f31ba8351265a427efdf3b2d24ec6fab
- SHA1
  
  0dc5a1c62306ff5e581a15408edc7ea15433a6d2
- SHA256
  
  55ba7cdf4f44829fb470c66da2e831fe28596a2fcc33b74c0f8f6117786af040
- SHA512
  
  1d70947a6fd849db0df28e79ed830a40355c569b4a89cf7e135deed8077f9089f5f4d3f61ea416537895204e24abf2fcc11406385e600d8410e349a1d06ffd20
- SSDEEP
  
  768:uUz5t/tJy06YV+K2IzBG3ZuE6dHscUgoFixYv9bqsRe:u4Zz4Y4zPJuLdHscUgiixa2
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2