General

  • Target

    cea5afd13b92e129cb92104427d1d7915c5ccce1ba85ef314f2db1d6e115b456.xlsx

  • Size

    673KB

  • Sample

    241107-dsj4zsvaka

  • MD5

    132a3570cc09c2e1e315e008004a0d1e

  • SHA1

    3866bceec9cf288999c245fe6949b9d0ce42ca0b

  • SHA256

    cea5afd13b92e129cb92104427d1d7915c5ccce1ba85ef314f2db1d6e115b456

  • SHA512

    fa2a60743b3c4112fbccb1393b5d165520a8f12c7e664e070e70d16f9b0cf0eab586314506d16d9f80140c1f9cf411bcc8067beb6b78111ea23ca11a83e6a0fe

  • SSDEEP

    12288:dZKLu8Y8imd6uYl3In1Ap9/GPpzDBcm86yUsMDbGjNgGcivN3h8f4Js:/KPY8TwDVm1k9/GdBurUNDghvj8P

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper
    https://drive.google.com/uc?export=download&id=1zxD-qVXvvO25GmV9m6xLhdVhXRzA0JEe

    exe.dropper
    https://drive.google.com/uc?export=download&id=1zxD-qVXvvO25GmV9m6xLhdVhXRzA0JEe

Targets

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks