Analysing TA551/Shathak Malspam With Binary Refinery
Common Information
Type Value
UUID ed53ae3f-87bd-41be-a2b0-19a3cdf7d7d5
Fingerprint a61aa5517bce13b2
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 1, 2021, midnight
Added to db Aug. 31, 2024, 12:10 a.m.
Last updated Nov. 17, 2024, 6:31 p.m.
Headline Analysing TA551/Shathak Malspam With Binary Refinery
Title Analysing TA551/Shathak Malspam With Binary Refinery
Detected Hints/Tags/Attributes 46/1/27
RSS Feed
Id Enabled Feed title Url Added to db
19 Binary Reverse Engineering Blog https://bin.re/feed.xml 2024-08-30 22:08
Attributes