88de739cac5442354a41df7ff4e8fc4f223a8ff9ff87b59c13df607b491ec679

Sharing

Copy URL

Twitter E-mail

General

Target

ManagerOfficeTool-main.zip
Size

13KB
Sample

241216-n4zc6azrfn
MD5

29ddf372af8d7483cb2e29fac23fda46
SHA1

1f7ee432dcf82598becd36547644fad014842a0e
SHA256

88de739cac5442354a41df7ff4e8fc4f223a8ff9ff87b59c13df607b491ec679
SHA512

537f7a1af2bacabe4c7a05578fe514c4c4913b35aed1b5aecc1098a9d6e28e076dafc422d6e687a24b1a13d99adc9b65868884598e71e53e4e2f594a0b1b5800
SSDEEP

192:3AhC+zKGDVmNtPtwciCBcGr8fDka8Jvyfs4/LCuy4SML9ggUqNDXwXdbXlb3nUgy:wdKGeZ9SoiPcvYXLyvqpXwXFxLNF+

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://api.github.com/repos/OfficeDev/Office-IT-Pro-Deployment-Scripts/contents/Office-ProPlus-Management/Get-OfficeVersion/Get-OfficeVersion.ps1

exe.dropper

https://api.github.com/repos/OfficeDev/Office-IT-Pro-Deployment-Scripts/contents/Office-ProPlus-Deployment/Remove-PreviousOfficeInstalls

Targets

- Target
  
  ManagerOfficeTool-main.zip
- Size
  
  13KB
- MD5
  
  29ddf372af8d7483cb2e29fac23fda46
- SHA1
  
  1f7ee432dcf82598becd36547644fad014842a0e
- SHA256
  
  88de739cac5442354a41df7ff4e8fc4f223a8ff9ff87b59c13df607b491ec679
- SHA512
  
  537f7a1af2bacabe4c7a05578fe514c4c4913b35aed1b5aecc1098a9d6e28e076dafc422d6e687a24b1a13d99adc9b65868884598e71e53e4e2f594a0b1b5800
- SSDEEP
  
  192:3AhC+zKGDVmNtPtwciCBcGr8fDka8Jvyfs4/LCuy4SML9ggUqNDXwXdbXlb3nUgy:wdKGeZ9SoiPcvYXLyvqpXwXFxLNF+
Score

10^/10

execution
behavioral1 behavioral2
- Target
  
  ManagerOfficeTool-main/Files/DeploymentScriptTool.py
- Size
  
  16KB
- MD5
  
  5a191eb26c923a61beb0007a8eb3b31b
- SHA1
  
  4db2e105d9d3a88eb64cee2fe5f41408fd6c9937
- SHA256
  
  c624985b46c47f877b3bec1767def6fcc4fad034a2b4350ddccef59677ee711d
- SHA512
  
  def388b65b00d304783e8760b69dd6bd6157a3397817b27a5d7ab6de17da7347e9f574c0e6611c446daeaa3d093e190a45d79a9ddc89c6ea9a7f8d53b718c2d4
- SSDEEP
  
  192:huXLifAzJeLhVmNkZMQooZf34IVwlG4whPe4IXmyjOsDxrRn:hu7iftyNs3ooNp42Y
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ManagerOfficeTool-main/Files/Install.ps1
- Size
  
  9KB
- MD5
  
  bdf4700521e7ff887848f152e53d9446
- SHA1
  
  3714fcb19a4261d7b6b63de09acb3c7b7a20fdb7
- SHA256
  
  262eb464258454d97ffd36c251495811aa13e7686975a3e76492a6297d675c26
- SHA512
  
  b9b54ffa642509074c9a2fb98e9c4af89c6e71e87ee3b9b7ba488d2ce9d0d15ccb02d1e33b49be04a1a1f6f2e048912d7c0b2aafa2056740d0b65adf4598e949
- SSDEEP
  
  96:SCWeJ6OFzaSxW8EpuH+n60Fnqo6xXYnQb1h3o6vnyHB+P1fqCWj4:httD0dxRi
Score

8^/10

execution
- Blocklisted process makes network request
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
behavioral5 behavioral6
- Target
  
  ManagerOfficeTool-main/Files/ODT_ConfigXML/.txt
- Size
  
  1B
- MD5
  
  68b329da9893e34099c7d8ad5cb9c940
- SHA1
  
  adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
- SHA256
  
  01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
- SHA512
  
  be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09
Score

1^/10
behavioral7 behavioral8
- Target
  
  ManagerOfficeTool-main/Files/ODT_ConfigXML/OfficeConfig2013.xml
- Size
  
  628B
- MD5
  
  1dd35ae53b86eb9928af102f1b8dfb4a
- SHA1
  
  0702a5893e7475deaeea1df429f67ce4aea7f9c6
- SHA256
  
  4f44b88f3e8b5e98051165a7ff415528f7c88d051c9d192405f013ca05c29cae
- SHA512
  
  a8a46a4e72abc21c1fbad5a568cb2533efd479c5780fea654c84f7b9560205ff3b58c933f88d1ad8817928886c212df3681d3da73028e2844ad054ffcd2111c7
Score

8^/10

execution discovery
- Blocklisted process makes network request
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
behavioral10 behavioral9
- Target
  
  ManagerOfficeTool-main/Files/ODT_ConfigXML/OfficeConfig2016.xml
- Size
  
  685B
- MD5
  
  ac4c839aef48e05687fc0496c2b9ec02
- SHA1
  
  0fb2fcb834ff55830b82b06a2419ab5de228c02a
- SHA256
  
  cc40c09edc0b23aec206c0ad348ba137300b6038bd2f95b834d74fc0844b1bcc
- SHA512
  
  05591138d52c110f650034b5b4052097cac6924676c0553fb64642f9b5756bb257908dcca7a15340d768f0a544451e96d47e718a49e1d778487c92e37d1257b7
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  ManagerOfficeTool-main/Files/ODT_ConfigXML/OfficeConfig2019.xml
- Size
  
  697B
- MD5
  
  7917651bce021d9746f2d242aaeec455
- SHA1
  
  ea3f1fbd2cfc0ed9a90520061be7f50a81e47ae3
- SHA256
  
  b71d1854a109563c0db734f9276222f8690a83d8a8607fae92daf9e65fdfb7d1
- SHA512
  
  ca4442e92e77ddff9007c6171a9b998b73908da5ceff74b4650d4f89e9044d5d49b9c0a150bdecf3d550d0d3a2d056c71807e9f69a9f960fc8e92c22cab6915a
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  ManagerOfficeTool-main/Files/ODT_ConfigXML/OfficeConfig2021.xml
- Size
  
  730B
- MD5
  
  aa66aaab6f1f1a2fee296a8caf94e82f
- SHA1
  
  93989da3a925efd1b233899e9ddd1c04a935fa02
- SHA256
  
  37c86b93b586ecd292ad0603e01ba171a592a3426b79a155e0add9b6e624a970
- SHA512
  
  d316bfecc278b19ac79ce2391df800c31171927d20e60d2baaa638ca173623b54e1e76db95488cecd483e2cd24c4341ff7e09266de0f2740580bcbff62399ec2
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  ManagerOfficeTool-main/LICENSE
- Size
  
  1KB
- MD5
  
  e9c3950ecaa33d35cff3b2617857830d
- SHA1
  
  674a66b7260a26de93c0a559ccda11acd5418546
- SHA256
  
  e38fc6be3060efd3862b745d2f513d88ec8be2bba781a1503563f34fa07c0b1b
- SHA512
  
  44594b28d7a575001bcd7be20c99898aec59ec63eb46ed7379a0155ac936574ad0cd70f61ccb4fb638356ff5939898d0c097781375fcf0e3e04f05157dd81c3d
Score

1^/10
behavioral17 behavioral18
- Target
  
  ManagerOfficeTool-main/README.md
- Size
  
  8KB
- MD5
  
  73e2dba8f38c9bf617118aae406f61ed
- SHA1
  
  eeea0bb16240b0a6f53619618c9c2378f91845ad
- SHA256
  
  6467d8db18ad1d4ae012e49f614ef1f52aa5eba912cd12bec2b836f7410cd6e8
- SHA512
  
  47057a106a458c5501fd8c979e6e7346812280b517ab745fb4cf7474adfbd4abef57a083cf516015972b94cfdad69cb2caeb5fcca882b538121bf8c4a4df014d
- SSDEEP
  
  192:+VcrKhD4qFielmj9tJMn5nK/KzrayUArvdHN6:9ehEDt8dnt6
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  ManagerOfficeTool-main/RunInstallOffice.bat
- Size
  
  1KB
- MD5
  
  67220c6f2714056236b22f6c0050a1a0
- SHA1
  
  c54e1e079fb9a8e85500283a739675a2c09f8358
- SHA256
  
  c9fa95a5b741fc6e9355702f7925c8c0c629b6d7da914d4159c66ed7bee05fe6
- SHA512
  
  9fbd25d7ae9f6340e7b49a584a191e5f4afe542809d74f4612cbddbbf4ff899633cda9dcc696d58662e5f9f0ed6c251f1cb9fda93513682d06badb7b6d3d4899
Score

8^/10

execution discovery
- Blocklisted process makes network request
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
behavioral21 behavioral22
- Target
  
  ManagerOfficeTool-main/Setup.py
- Size
  
  542B
- MD5
  
  5bc2361c6419e83e439619435fa4f294
- SHA1
  
  22565380f55e5ce64ae4e2711dba560f01636308
- SHA256
  
  a6a8023577bc1336ff666927463139c4f505f2e9fea5a17f923550f77c9e69d1
- SHA512
  
  d79c072c9e4ac57b3f7eb4e97419c81d8c8ada55c0cac450b346d38641e004d90231c5644b5cafe4411d59e7196c24b0279df14c538201888e78cd982a43b94b
Score

3^/10

discovery
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Blocklisted process makes network request

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Blocklisted process makes network request

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24