c43a3a0ce7d7879849045e4ff17ff6f6d74a3462bd2da91e0f0284d3768a2b96 | Triage

Submit
Reports

Overview

overview

Static

static

1

Comprobant...o.xlam

windows7-x64

Comprobant...o.xlam

windows10-2004-x64

1

Sharing

General

Target

Comprobante de pago.xlam.xlsx
Size

659KB
Sample

241024-hen81azarm
MD5

3739645f289889f9008d2607eb2558e1
SHA1

d32ffac570a059cc5582e7eb4668bb34c2b3fcc7
SHA256

c43a3a0ce7d7879849045e4ff17ff6f6d74a3462bd2da91e0f0284d3768a2b96
SHA512

1d7217a9d1cf9091584d7498c3c5a725e6b31c1beefa000c6a21bf031575d4c0431caa8309355e72264b3f1f8fc67a6309e1c85a0b4998fc9aef6f18da362133
SSDEEP

12288:SUoSJ7YYHc6Ox7686f5BZe8/1Y01siVR4QylxDaOBLKmAivf8U/Fp6z:yS/86Ku/Ze8dYNqRjExD7B9Aivkuwz

Score

10^/10

discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

Comprobante de pago.xlam

Resource

win7-20241010-en

discovery execution

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Comprobante de pago.xlam

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://drive.google.com/uc?export=download&id=1-Wdgeq0fX9aApdlSW9dln1Pc_KEGpfHp

exe.dropper

https://drive.google.com/uc?export=download&id=1-Wdgeq0fX9aApdlSW9dln1Pc_KEGpfHp

Targets

- Target
  
  Comprobante de pago.xlam.xlsx
- Size
  
  659KB
- MD5
  
  3739645f289889f9008d2607eb2558e1
- SHA1
  
  d32ffac570a059cc5582e7eb4668bb34c2b3fcc7
- SHA256
  
  c43a3a0ce7d7879849045e4ff17ff6f6d74a3462bd2da91e0f0284d3768a2b96
- SHA512
  
  1d7217a9d1cf9091584d7498c3c5a725e6b31c1beefa000c6a21bf031575d4c0431caa8309355e72264b3f1f8fc67a6309e1c85a0b4998fc9aef6f18da362133
- SSDEEP
  
  12288:SUoSJ7YYHc6Ox7686f5BZe8/1Y01siVR4QylxDaOBLKmAivf8U/Fp6z:yS/86Ku/Ze8dYNqRjExD7B9Aivkuwz
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy