af5bc41229045ab88d9c81992fdb442eb814a9cd765e8172480641359b44b6be | Triage

Submit
Reports

Overview

overview

Static

static

1

xBA TM06-Q6-11-24.rtf

windows7-x64

xBA TM06-Q6-11-24.rtf

windows10-2004-x64

1

Sharing

General

Target

xBA TM06-Q6-11-24.doc
Size

354KB
Sample

241106-hlb71syjal
MD5

d0f2558af01fafc92df8d82c60deb2bf
SHA1

a940bde8c8841e05199fa545fa521441f474d09a
SHA256

af5bc41229045ab88d9c81992fdb442eb814a9cd765e8172480641359b44b6be
SHA512

76bea085c98d8350fa1fbbd9f64297ef215252e7ad6dd05ee124a7ddcbbc0c49518fe1841776a56d0feed156c6a880dbce306bbdc59529175dd5a29185053be7
SSDEEP

3072:A1LnrgVqOj/5cAsFNM8AaG1mryxZB/0LuQIeavuFbKrppVNxd8vMW:A17OjhctN6uiBpJ2KTXxd8vMW

Score

10^/10

discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

xBA TM06-Q6-11-24.rtf

Resource

win7-20241010-en

discovery execution

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

xBA TM06-Q6-11-24.rtf

Resource

win10v2004-20241007-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://drive.google.com/uc?export=download&id=1UyHqwrnXClKBJ3j63Ll1t2StVgGxbSt0

exe.dropper

https://drive.google.com/uc?export=download&id=1UyHqwrnXClKBJ3j63Ll1t2StVgGxbSt0

Targets

- Target
  
  xBA TM06-Q6-11-24.doc
- Size
  
  354KB
- MD5
  
  d0f2558af01fafc92df8d82c60deb2bf
- SHA1
  
  a940bde8c8841e05199fa545fa521441f474d09a
- SHA256
  
  af5bc41229045ab88d9c81992fdb442eb814a9cd765e8172480641359b44b6be
- SHA512
  
  76bea085c98d8350fa1fbbd9f64297ef215252e7ad6dd05ee124a7ddcbbc0c49518fe1841776a56d0feed156c6a880dbce306bbdc59529175dd5a29185053be7
- SSDEEP
  
  3072:A1LnrgVqOj/5cAsFNM8AaG1mryxZB/0LuQIeavuFbKrppVNxd8vMW:A17OjhctN6uiBpJ2KTXxd8vMW
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy