0d97fd00e07fa37cfcd42d48e2a47e319f3865110afe30e46cc0504d6d50bc35 | Triage

Sharing

General

Target

0d97fd00e07fa37cfcd42d48e2a47e319f3865110afe30e46cc0504d6d50bc35.zip
Size

45KB
Sample

250325-gzsaqastav
MD5

fcd518c5966c21b85ec2f868db55d500
SHA1

d17ebd8478197c8edb0bd9afb00b62cae0b038b0
SHA256

0d97fd00e07fa37cfcd42d48e2a47e319f3865110afe30e46cc0504d6d50bc35
SHA512

0e0034628752f60b83e543a09346273d14938b2f8d2a7cb5fc22ac2dc2ba5a42adfee92be6303f0f43c126d3969bc9e323ada4ba2e8ec237dde956c56cda01cb
SSDEEP

768:15/KbWK61xeYmOrWYZuzGv4CyWLYahBysyFS1/bFPmXJzdevaKBZQC90JqFgLB:19QWHzeerXuzGv4MLNy21TINdTOZQSEB

Score

10^/10

defense_evasion discovery macro xlm

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://tinyurl.com/y677kmz8

Targets

- Target
  
  d8032c71de22af1a399435b344ca825689ee175529c98fce2529f128f8357dc2.xls
- Size
  
  67KB
- MD5
  
  85a5ea8dcd78a8df15d7e49bb5f22387
- SHA1
  
  4f3765768183cbf79e220df9a15ca778c2385b64
- SHA256
  
  d8032c71de22af1a399435b344ca825689ee175529c98fce2529f128f8357dc2
- SHA512
  
  ccf1a3c0a39aec76d3da09085b5f3e98dc2540545109a7654bba41f4d2c9bfc03edfe37c3a3ce1276f9795fd5f5c7ae476fb9e58e0b386b8f75ea6f59ba785a5
- SSDEEP
  
  1536:+MnSGiysRchNXHfA1MiWhZFGkEld+Dr7JmSb4wIE7zp0RhBv1hQz7rT01aG:+MnSGiysRchNXHfA1MiWhZFGkEld+Dri
Score

10^/10

defense_evasion discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasion