General

  • Target

    23419c0a7cc778b60899d25977c95f7291915539f5f9bb85c5ce3bfe11c77e9b

  • Size

    176KB

  • Sample

    191209-wljpd8pq9j

  • MD5

    b147ef181809997d173ebc4242d4a74d

  • SHA1

    a6a1cc1e66ba3b0fd0658b04271eea49f60548f3

  • SHA256

    23419c0a7cc778b60899d25977c95f7291915539f5f9bb85c5ce3bfe11c77e9b

  • SHA512

    818a9d25728854279e5c51c846828471d480c8361010fbf7441a8390396752e258b827a3057e66874a58eb27ab6432cb475f7b36f9f1c043ff02caf85b5b98d1

Score
8/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs (type / URL)

    exe.dropper  http://www.aitb66.com/wp-admin/wdm12182/
    exe.dropper  http://zisoft.zinad.net/wp-content/7flgzi080/
    exe.dropper  http://ausflugemarrakesh.com/cgi-bin/512/
    exe.dropper  http://axis-gps.com/pzdjz/hgpu56/
    exe.dropper  https://xploremotions.com/rtrx/c656/

Targets

    • Target

      23419c0a7cc778b60899d25977c95f7291915539f5f9bb85c5ce3bfe11c77e9b

    • Size

      176KB

    • MD5

      b147ef181809997d173ebc4242d4a74d

    • SHA1

      a6a1cc1e66ba3b0fd0658b04271eea49f60548f3

    • SHA256

      23419c0a7cc778b60899d25977c95f7291915539f5f9bb85c5ce3bfe11c77e9b

    • SHA512

      818a9d25728854279e5c51c846828471d480c8361010fbf7441a8390396752e258b827a3057e66874a58eb27ab6432cb475f7b36f9f1c043ff02caf85b5b98d1

    Score
    8/10
    • Executes dropped EXE

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry  T1012  (3)
    System Information Discovery  T1082  (3)

Tasks