General

  • Target

    invoice.zip

  • Size

    16KB

  • Sample

    250520-rbae4sdp6x

  • MD5

    0fa0f1b660962d4a4d1cd6782a03db05

  • SHA1

    a9a49f19c8e2be6ad92ed93786f7af8beb6772e2

  • SHA256

    01c5ea93f845b8f993007e6371a3d7ef511831a165e558485b42afabd71377cd

  • SHA512

    a4638de7828c2dc5a9d8274d206923f163e6d07a183d263b0aba685565ef92be5a7949a0f1b821c7549f91af044b7e578d0f3b12f753186eb219229523c92a29

  • SSDEEP

    384:Z5BnbC5w6JIG9M5PM27Ii4//Rsqo9nwEDDtEx0pempI:lCx9Mxzn4//UFwEixBmpI

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper: https://45.77.65.211:443

Targets

    • Target

      invoice.doc

    • Size

      233KB

    • MD5

      3709eef2d72de0de72649ebdaf3e4082

    • SHA1

      2e7300cfb6f747b9795b59d74366c46efa0e4166

    • SHA256

      d8834aaa5ad6d8ee5ae71e042aca5cab960e73a6827e45339620359633608cf1

    • SHA512

      61fbe2d9384ff0a9e0ec707df7aaedf8be3435278367655dad17ddce2a4650aefe1f36425da261367bee1590f3fd4334de419902b06347d4786bdcb31f648d30

    • SSDEEP

      384:j6YoOWSjwBzKQ6808m3tdgUwyckkS+wuVcCGi:j6adw8D0yah

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v16

Tasks