General

  • Target

    81968bd2f3aba5dabe1fa57e078665bbb12af3f779b3bb015b03c90ce2feb3b0

  • Size

    175KB

  • Sample

    191212-ehbrfgkwea

  • MD5

    42984e712380504db01c43b1627df2b3

  • SHA1

    55fff5adb0e06f7249d8b3eef40f5c339c6ccbdc

  • SHA256

    81968bd2f3aba5dabe1fa57e078665bbb12af3f779b3bb015b03c90ce2feb3b0

  • SHA512

    c6fafcee4eaee30529ae103083577eaa0d69c1c505ec06320f48b602157ffb571b63dedddeee08ddb6b82e1197f4618f89b8ca956a84849b683ea9f41b22fff8

Score
8/10

Malware Config

Extracted

  Language  Source       URLs
  ps1       exe.dropper  http://polandpresents.info/libraries/65284EU/
            exe.dropper  http://nbnglobalhk.com/cgi-bin/32n2/
            exe.dropper  http://armgroup101.com/Old1/cpfa/
            exe.dropper  https://pasadenacf.org/wp-content-orig/akzk9i/
            exe.dropper  http://armanchemical.com/wp-content/9Bg1ybsr/

Targets

    • Target

      81968bd2f3aba5dabe1fa57e078665bbb12af3f779b3bb015b03c90ce2feb3b0

    Score
    8/10

    • Executes dropped EXE

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix ATT&CK v6

  Discovery
    Query Registry                T1012  (3)
    System Information Discovery  T1082  (3)

Tasks