General

  • Target

    a46508549dd7dea802b813939d3715460b5b61e058128264f4f2b223807bb739

  • Size

    166KB

  • Sample

    191212-lrv2x8v7za

  • MD5

    9cb99f4a36b4ad79d40fda0e530a3ad3

  • SHA1

    ba1be11581014a5fd4376e000a07ace04723e389

  • SHA256

    a46508549dd7dea802b813939d3715460b5b61e058128264f4f2b223807bb739

  • SHA512

    91745700c845b9e13642db77356bd195728625c9fa0d8f77826d1c1a5d39c1d94e11f6271a5fb2b9fcd91696fc77343af3d6568afe6991719b45c0305a0b955e

Score
8/10

Malware Config

  • Extracted

    Language   ps1
    Source
    URLs       exe.dropper   http://jdcc-stu.com/wp-includes/6109/
               exe.dropper   http://jandmadventuring.servermaintain.com/wp-content/uploads/8ly08u77849/
               exe.dropper   http://wilkopaintinc.com/common_resource/qac395/
               exe.dropper   http://essemengineers.com/AdminPanel/cku0s00262/
               exe.dropper   http://t666v.com/vlk2lo4i/fi20416/
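The five exe.dropper URLs above are the download locations the extracted ps1 stage uses to fetch the next-stage executable; a list of several URLs like this is typically tried in turn until one download succeeds, so a request to any of them, even one that returned 404, is worth an alert. The following is an added example, not part of the sandbox report or its tooling: it normalizes the URL list from the report, emits defanged indicators for sharing, and matches the indicators against proxy log lines. The log lines and their "timestamp client method url status" layout are constructed for illustration.

```python
"""Added example: turn the report's exe.dropper URL list into defanged IOCs
and match them against (constructed) proxy log lines."""
from urllib.parse import urlsplit

# The five exe.dropper URLs listed in the extracted ps1 config above.
DROPPER_URLS = [
    "http://jdcc-stu.com/wp-includes/6109/",
    "http://jandmadventuring.servermaintain.com/wp-content/uploads/8ly08u77849/",
    "http://wilkopaintinc.com/common_resource/qac395/",
    "http://essemengineers.com/AdminPanel/cku0s00262/",
    "http://t666v.com/vlk2lo4i/fi20416/",
]


def normalize(url):
    """Return (host, path): host lowercased, path without a trailing slash,
    so that case and slash differences in a proxy log do not miss a hit."""
    p = urlsplit(url.strip())
    host = (p.hostname or "").lower()
    path = (p.path or "/").rstrip("/") or "/"
    return host, path


def defang(url):
    """Defang a URL for safe sharing: http -> hxxp, '.' -> '[.]' in the host."""
    p = urlsplit(url)
    host = (p.hostname or "").replace(".", "[.]")
    scheme = p.scheme.replace("http", "hxxp")
    return f"{scheme}://{host}{p.path}"


def iocs(urls=DROPPER_URLS):
    """Defanged form of every indicator, in report order."""
    return [defang(u) for u in urls]


def build_index(urls=DROPPER_URLS):
    """Map normalized (host, path) -> original indicator URL."""
    return {normalize(u): u for u in urls}


INDEX = build_index()


def match_request(url, index=INDEX):
    """Return the indicator a requested URL hits (same host and the same
    path, or a path beneath it), or None when it hits nothing."""
    host, path = normalize(url)
    for (ihost, ipath), original in index.items():
        if host != ihost:
            continue
        if path == ipath or path.startswith(ipath + "/"):
            return original
    return None


# Constructed proxy log lines (timestamp client method url status); not real data.
SAMPLE_LOG = """\
2019-12-12T10:01:02Z 10.0.0.15 GET http://www.example.com/index.html 200
2019-12-12T10:01:09Z 10.0.0.15 GET http://jdcc-stu.com/wp-includes/6109/ 404
2019-12-12T10:01:11Z 10.0.0.15 GET http://WILKOPAINTINC.com/common_resource/qac395 200
2019-12-12T10:02:30Z 10.0.0.22 GET http://t666v.com/vlk2lo4i/other/ 200
"""


def scan_log(text, index=INDEX):
    """Return (client, requested_url, matched_indicator) for each log line
    that requests one of the dropper URLs. Status codes are ignored on
    purpose: a failed fetch still shows the dropper ran on that client."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip blank or malformed lines
        _ts, client, _method, url, _status = parts[:5]
        matched = match_request(url, index)
        if matched:
            hits.append((client, url, matched))
    return hits


if __name__ == "__main__":
    for ioc in iocs():
        print("IOC:", ioc)
    for client, url, matched in scan_log(SAMPLE_LOG):
        print(f"HIT client={client} requested={url} indicator={matched}")
```

Matching is done on host plus path prefix rather than the full string so that a request with a different case in the host, a missing trailing slash, or a file name appended beneath the listed directory is still caught, while a different path on the same host (the fourth constructed line) is not.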

Targets

    Score
    8/10
    • Executes dropped EXE

    • Checks system information in the registry

      Reading system information from the registry is a common way for malware to fingerprint a sandbox or virtual machine before deciding whether to run its payload.

MITRE ATT&CK Matrix (ATT&CK v6)

  Discovery

    Technique                        Hits   ID
    Query Registry                   3      T1012
    System Information Discovery     3      T1082

Tasks