Overview

overview

8

task1

 

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5a292573900ffb7c502ba2af83faf97e5c3067585cfe757007c5163a406421f8

  • Size

    166KB

  • Sample

    191212-bvfwwlnwde

  • MD5

    dc94e569e67e34bad59280fa769ede88

  • SHA1

    b683559ab8fc7827a59d611fed6efeff717a8033

  • SHA256

    5a292573900ffb7c502ba2af83faf97e5c3067585cfe757007c5163a406421f8

  • SHA512

    7cedeaba04dc499b2b275fb948fd02a17eaa9be051690d35ad17cf9ee8b36569ecf228f2b8bcf96730f47e4b02231cb97f29e5fdbbe9027f6e1a13ff00406ca1

Score
8/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://acqua.solarcytec.com/rtsbgs/XiWmtYYur/
exe.dropper

https://blog.learncy.net/wp-admin/user/oxZqQp/
exe.dropper

http://hospitalsanrafael.ainimedina.com/wp-includes/vwf-i8ge-4445917/
exe.dropper

https://sg771.kwikfunnels.com/phpmyadmin_bck/x9tfn-lv1h4-174129596/
exe.dropper

http://www.siyinjichangjia.com/wp-content/WYszsP/

Targets

    • Target

      5a292573900ffb7c502ba2af83faf97e5c3067585cfe757007c5163a406421f8

    • Size

      166KB

    • MD5

      dc94e569e67e34bad59280fa769ede88

    • SHA1

      b683559ab8fc7827a59d611fed6efeff717a8033

    • SHA256

      5a292573900ffb7c502ba2af83faf97e5c3067585cfe757007c5163a406421f8

    • SHA512

      7cedeaba04dc499b2b275fb948fd02a17eaa9be051690d35ad17cf9ee8b36569ecf228f2b8bcf96730f47e4b02231cb97f29e5fdbbe9027f6e1a13ff00406ca1

    Score
    8/10

    • Executes dropped EXE

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    task1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks