General

  • Target

    f8136a20dbec93a03aaebaf7d36ff199.bin

  • Size

    1.1MB

  • Sample

    241114-ceb1saskgv

  • MD5

    07019677f3c6b6d3bd73d5e8bbbfd8e7

  • SHA1

    c70f5683dddea0d0f52e73007d86ec5e2728c6d3

  • SHA256

    a817dfdce631969b109d59bb4f23ead01218c275f94dc04a11151cd9027f2333

  • SHA512

    bca0064049ffc5d6074ae6a10584774c45a7a19545d6f9350bd024b9c7a236027cab79ccf778ca9ab8680aa05d5b3b9c8f31a5d9cca499458ae96d5f91bc2b96

  • SSDEEP

    24576:kxdDqO2USmndp2wO5az8yb5uv9qGJbeVr+YwO7AdZEvGH:MDG2nSw9z8y9ulBsh+0xGH

Malware Config

Targets

    • Target

      544e3a275c258b90d8cda8be36b057e75451b4901d4663082db9f97419cd5a4a.xls

    • Size

      1.1MB

    • MD5

      f8136a20dbec93a03aaebaf7d36ff199

    • SHA1

      be5e9c920b7e3c61b0b7779c6de6bc28d9aab2d3

    • SHA256

      544e3a275c258b90d8cda8be36b057e75451b4901d4663082db9f97419cd5a4a

    • SHA512

      f2d85f7ddcda4704ca2b057f94386772f4951b0e9b7fe015d9ee39d017267007080dc1f95857182045438f7fc7dac16098e6710611f3c409921b186c3200446c

    • SSDEEP

      24576:aq9PLiijE2Z5Z2am82/gY/tMJE8F84LJQodsG4HD+zBVc:aEPLiij7Z5ZK8Qg8tMpFjLJQod94SP

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden (for example via the -WindowStyle Hidden switch), so the user sees no console.

    • Evasion via Device Credential Deployment

    • Drops file in System32 directory
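The two behavioural signatures above ("Process spawned unexpected child process" and "Command and Scripting Interpreter: PowerShell" with a hidden window) map to a process-creation detection that a SOC can run outside the sandbox. The following is an added example, not the sandbox's own signature logic and not behaviour recorded for this sample: it triages constructed process-creation events (parent image, image, command line, in the shape a Sysmon Event ID 1 or EDR feed would give) and flags an Office parent spawning a script interpreter, and PowerShell launched with a hidden window. The constructed command lines, the "document.xls" file name, and the OFFICE_PARENTS / SCRIPT_CHILDREN sets are assumptions for the example; the regex accepts the abbreviated forms PowerShell itself accepts (-w, -win, ..., and h / hidden / 1), which is how such launches usually appear in the wild.

```python
import re
from dataclasses import dataclass

# Assumed parent/child sets for the example; tune to the environment.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                   "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# PowerShell resolves any unambiguous prefix of -WindowStyle and of its
# values, so "-w h", "-win hidden" and "-WindowStyle 1" all hide the window.
HIDDEN_WINDOW = re.compile(
    r"(?:^|\s)[-/](?:w|wi|win|wind|windo|window|windows|windowst|windowsty|windowstyl|windowstyle)"
    r"\s+(?:h|hi|hid|hidd|hidde|hidden|1)(?=\s|$)",
    re.IGNORECASE,
)


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Case-insensitive file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def office_spawned_interpreter(ev: ProcessEvent) -> bool:
    """Office application (typical macro/exploit host) starting a script interpreter."""
    return basename(ev.parent_image) in OFFICE_PARENTS and basename(ev.image) in SCRIPT_CHILDREN


def hidden_powershell(ev: ProcessEvent) -> bool:
    """PowerShell started with its console window hidden."""
    return basename(ev.image) in POWERSHELL and HIDDEN_WINDOW.search(ev.command_line) is not None


def triage(events: list[ProcessEvent]) -> list[tuple[int, list[str]]]:
    """Return (event index, [signature names]) for every event that hits at least one rule."""
    findings = []
    for idx, ev in enumerate(events):
        hits = []
        if office_spawned_interpreter(ev):
            hits.append("Process spawned unexpected child process")
        if hidden_powershell(ev):
            hits.append("Command and Scripting Interpreter: PowerShell (hidden window)")
        if hits:
            findings.append((idx, hits))
    return findings


# Constructed events for the example; not telemetry from the analysed sample.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 r'"EXCEL.EXE" "C:\Users\user\Downloads\document.xls"'),
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -w hidden -ep bypass -c iex(...)"),
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -NoProfile -Command Get-Date"),
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 r"C:\Windows\System32\cmd.exe",
                 r"cmd.exe /c start /min something"),
    ProcessEvent(r"C:\Windows\System32\svchost.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell -WindowStyle Hidden -File C:\Temp\update.ps1"),
]

if __name__ == "__main__":
    for idx, hits in triage(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"event {idx}: {basename(ev.parent_image)} -> {basename(ev.image)}: {', '.join(hits)}")
```

Event 1 in the constructed set hits both rules, which is the combination the report's signatures describe; the plain interactive PowerShell launch (event 2) hits neither, and the hidden-window rule also fires on non-Office parents (event 4), so in practice the two rules are best scored together rather than alerted on individually.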

MITRE ATT&CK Enterprise v15

Tasks