General

  • Target

    5c8dba81db95bc51ed5031e5d36754b7511c85af2bf774d9b2399516815f2936

  • Size

    178KB

  • Sample

    191212-w2am46mdma

  • MD5

    347a656f131c0b9c7e409e7e826f98fb

  • SHA1

    d48da24d584f23184e4f4650ec7ea75565e011a9

  • SHA256

    5c8dba81db95bc51ed5031e5d36754b7511c85af2bf774d9b2399516815f2936

  • SHA512

    c32eae2183a4f9e904de7cd7c0e3ba11e02c7725afb38805cd16386216cb245e039b9432cdb1fb4d2b2f169d315b5a2b8f4f06b3013f71b3fcb700ad1e301bab

Score
8/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://beekaygroup.com/wp-admin/9MmF/
    http://ddecoder.com/css/tct/
    http://ekolfotografcilik.com/administrator/dm3cou/
    http://fairfaxhost.com/Nets.eu/7Lzn9wt/
    http://int.spro3.fcomet.com/wp-admin/jv/

Targets

    Score
    8/10

    • Executes dropped EXE

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry: T1012 (3)
    System Information Discovery: T1082 (3)
