General

  • Target

    Payment Advice.xls

  • Size

    1.0MB

  • Sample

    241025-v9zz7sseja

  • MD5

    e7b0128fdc780e228be72adbed8765c4

  • SHA1

    4a7456b2d6422c33f8f7aafa302cd43c8d2d5033

  • SHA256

    c03299410145508191967d0544203e1aed4fc9886b7b11d6d4f05500d002a786

  • SHA512

    da2da848812a40e02e547f6c047baa345492839ac322965721c1988ba862ae3535edb1f9928359db9d64df4eacfd0bcf4e412eaa762cb88e712f2d8b5a56f5b8

  • SSDEEP

    12288:nmzHJEyfN1Y1uBPj39wZE8D3DERnLRmF8D6IHf8wh9HN8zFykCGrqD:uhfg14318bARM8FH/hX85yhz

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    ps1.dropper: https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

    exe.dropper: https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Evasion via Device Credential Deployment

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks