General

  • Target

    75f04986c29db0ef075616785e5d4ef25f96df85fad4f21756544d2bb4a84da8

  • Size

    141KB

  • Sample

    241119-xan5rsvlfj

  • MD5

    5289bde931b050914ce8995fa5630290

  • SHA1

    2389cf13ed4efb0bd93c76df46cafe068c3380d5

  • SHA256

    75f04986c29db0ef075616785e5d4ef25f96df85fad4f21756544d2bb4a84da8

  • SHA512

    a3e4836f09af00fa91742d1ef10be1aa69c0e580db06744f9a4fc0cdf1534ed291fb7e018ae8c72a81556db5a23501d4281f573ac693fa68d88b671a0e7395b3

  • SSDEEP

    3072:J7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TI0GxL:9cKoSsxzNDZLDZjlbR868O8K0c03D38c

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks