General

  • Target: _FM_BUSAN_HOCHIMINH_.xlsx
  • Size: 187KB
  • Sample: 220216-jz1cfabdg8
  • MD5: 9d7bf0f2fbb81660c8b91c2a323fde4e
  • SHA1: 7adf1d60fd08b3accd3a8e58fbdcc674bd1b02ee
  • SHA256: d60188bc3e17e3fe9a8353a5eb4b791316968f3c1cea1e4e88138718efec0611
  • SHA512: 39842639f118d709102b7e8440cf569d542ca950f77dca21615b74639ac3e1f50bf9901e4def0df93d4addfe3f8dbc2a4e46e84cf56c85ec33c6f8d43e19f462
  • Score: 8/10

Targets

  • Target: _FM_BUSAN_HOCHIMINH_.xlsx (187KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above, since the submission contains this single file)
  • Score: 8/10
  • Signatures:
      • Blocklisted process makes network request
      • Downloads MZ/PE file
      • Executes dropped EXE
      • Loads dropped DLL
      • Uses the VBS compiler for execution
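The signatures above describe behaviour observed in the sandbox; the same chain can be caught on an endpoint from process, image-load and network telemetry. The following is an added example written for this page, not code from the sandbox vendor or from the report. It runs over constructed Sysmon-style events and flags the report's patterns: a child of the Office process tree running from a user-writable directory (executes dropped EXE), a DLL loaded from such a directory by that tree (loads dropped DLL), vbc.exe launched under the Office tree (this assumes the "VBS compiler" signature refers to the Visual Basic .NET compiler vbc.exe), and a network connection from a blocklisted process (the blocklist contents, the process names, paths, PIDs and addresses are all assumptions).

```python
"""Host-side detection for the behaviours listed in the sandbox signatures.

Added example; not part of the sandbox report. Works on constructed
Sysmon-style events (process create, network connect, image load).
"""
import ntpath
from dataclasses import dataclass

OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Assumption: the "VBS compiler" signature keys on the .NET compilers.
COMPILER_HOSTS = {"vbc.exe", "csc.exe"}
# Assumption: the report's "blocklisted" processes include Office apps and compilers.
NETWORK_BLOCKLIST = OFFICE_HOSTS | COMPILER_HOSTS
# Path fragments that mark user-writable drop locations (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


@dataclass
class Event:
    kind: str            # "process", "network" or "imageload"
    pid: int
    image: str           # image path of the acting process
    ppid: int = 0        # process events only
    target: str = ""     # loaded DLL path, or remote "ip:port" for network events


@dataclass
class Finding:
    signature: str       # reuses the report's signature labels
    pid: int
    detail: str


def _name(path):
    # ntpath handles Windows paths regardless of the analysis host's OS.
    return ntpath.basename(path).lower()


def _user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def _office_ancestor(pid, procs):
    """Walk from pid up the parent chain; return the first Office process or None."""
    seen = set()
    cur = procs.get(pid)
    while cur and cur.pid not in seen:
        seen.add(cur.pid)
        if _name(cur.image) in OFFICE_HOSTS:
            return cur
        cur = procs.get(cur.ppid)
    return None


def detect(events):
    procs = {e.pid: e for e in events if e.kind == "process"}
    findings = []
    for ev in events:
        own = _name(ev.image)
        office = _office_ancestor(ev.pid, procs)
        if ev.kind == "process" and office is not None and own not in OFFICE_HOSTS:
            # Anything under the Office tree that runs from a drop location.
            if _user_writable(ev.image):
                findings.append(Finding("Executes dropped EXE", ev.pid,
                                        f"{_name(office.image)} tree -> {ev.image}"))
            if own in COMPILER_HOSTS:
                findings.append(Finding("Uses the VBS compiler for execution", ev.pid,
                                        f"{_name(office.image)} tree -> {ev.image}"))
        elif ev.kind == "imageload" and office is not None and _user_writable(ev.target):
            findings.append(Finding("Loads dropped DLL", ev.pid, ev.target))
        elif ev.kind == "network" and own in NETWORK_BLOCKLIST:
            findings.append(Finding("Blocklisted process makes network request", ev.pid,
                                    f"{own} -> {ev.target}"))
    return findings


# Constructed sample telemetry (not taken from the report); PIDs and addresses are arbitrary.
SAMPLE_EVENTS = [
    Event("process", 100, r"C:\Windows\explorer.exe", ppid=1),
    Event("process", 200, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE", ppid=100),
    Event("process", 300, r"C:\Users\user\AppData\Roaming\update.exe", ppid=200),
    Event("imageload", 300, r"C:\Users\user\AppData\Roaming\update.exe",
          target=r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    Event("process", 400, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe", ppid=300),
    Event("network", 400, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
          target="203.0.113.10:443"),
    # Benign noise: a system service resolving DNS, unrelated to the Office tree.
    Event("network", 500, r"C:\Windows\System32\svchost.exe", target="10.0.0.1:53"),
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.signature}] pid={f.pid} {f.detail}")
```

The ancestor walk is what makes the rules robust to the intermediate stage: vbc.exe here is a grandchild of EXCEL.EXE, so a rule keyed only on the direct parent would miss it. "Downloads MZ/PE file" is not covered because it needs file-content inspection (an MZ header check on files written by the tree), which these event types do not carry.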

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                           ID      Count
  Execution          Scripting                           T1064   1
  Execution          Exploitation for Client Execution   T1203   1
  Defense Evasion    Scripting                           T1064   1
  Defense Evasion    Modify Registry                     T1112   1
  Discovery          Query Registry                      T1012   2
  Discovery          System Information Discovery        T1082   2

The count is the number of observed behaviours the sandbox mapped to each technique. The mapping uses ATT&CK v6: T1064 (Scripting) was deprecated in ATT&CK v7 (July 2020) and its scope now falls largely under T1059 (Command and Scripting Interpreter), so re-map these IDs before loading them into a current-version Navigator layer or detection coverage matrix.
