a7ff0dfc2456baa80e6291619e0ca480cc8f071f42845eb8316483e077947339 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

연인심리테스트.xls
Size

1.5MB
Sample

250519-cas4hagm3y
MD5

6850189bbf5191a76761ab20f7c630ef
SHA1

b512698ecc9bd603d02e9b6a7e1b7b67ba642a42
SHA256

a7ff0dfc2456baa80e6291619e0ca480cc8f071f42845eb8316483e077947339
SHA512

8d7d555747befd79303a2cf21336b0587d366001ce62d49ed22f70ff44a6c030e1498275c3382f725d4f19ea28085fe99535485334ba28ffbf4b26213bcbfc82
SSDEEP

24576:Frd8G3fDPlO8t0xy7LA97VL5Ncn6cP1oHf0o7Txe6kyq+m6caIn9JVqJIG+0OL:7x3uVL5Ncn6cP1oso71dky9fI9JVb

Score

8^/10

defense_evasion execution macos macro persistence

Malware Config

Targets

- Target
  
  연인심리테스트.xls
- Size
  
  1.5MB
- MD5
  
  6850189bbf5191a76761ab20f7c630ef
- SHA1
  
  b512698ecc9bd603d02e9b6a7e1b7b67ba642a42
- SHA256
  
  a7ff0dfc2456baa80e6291619e0ca480cc8f071f42845eb8316483e077947339
- SHA512
  
  8d7d555747befd79303a2cf21336b0587d366001ce62d49ed22f70ff44a6c030e1498275c3382f725d4f19ea28085fe99535485334ba28ffbf4b26213bcbfc82
- SSDEEP
  
  24576:Frd8G3fDPlO8t0xy7LA97VL5Ncn6cP1oHf0o7Txe6kyq+m6caIn9JVqJIG+0OL:7x3uVL5Ncn6cP1oso71dky9fI9JVb
Score

8^/10

defense_evasion execution macro persistence
- Suspicious Office macro
  Office document equipped with macros.
  macro
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionexecutionmacropersistence