General

  • Target

    fdae04b1d0b914d2b9dc91f1c96dac74307d9c0f47fe8fba253da9a939b0d6c8

  • Size

    166KB

  • Sample

    191212-wy8366z8n6

  • MD5

    4fe7445b59795400c3bafeba1936476a

  • SHA1

    4b49423d3d8e044936980ea4da80841426792a16

  • SHA256

    fdae04b1d0b914d2b9dc91f1c96dac74307d9c0f47fe8fba253da9a939b0d6c8

  • SHA512

    da440343cb4b20f3bb8ef66c856198f2e5348a8bdda56b760cfb5b5764f59252305a7a27f9d1e7e58280c3b8071308285be39ffd2c8c6aa6a0b9f897e49b1674

Score
8/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    • http://acqua.solarcytec.com/rtsbgs/XiWmtYYur/

    • https://blog.learncy.net/wp-admin/user/oxZqQp/

    • http://hospitalsanrafael.ainimedina.com/wp-includes/vwf-i8ge-4445917/

    • https://sg771.kwikfunnels.com/phpmyadmin_bck/x9tfn-lv1h4-174129596/

    • http://www.siyinjichangjia.com/wp-content/WYszsP/

Targets

    • Target

      fdae04b1d0b914d2b9dc91f1c96dac74307d9c0f47fe8fba253da9a939b0d6c8

    • Size

      166KB

    • MD5

      4fe7445b59795400c3bafeba1936476a

    • SHA1

      4b49423d3d8e044936980ea4da80841426792a16

    • SHA256

      fdae04b1d0b914d2b9dc91f1c96dac74307d9c0f47fe8fba253da9a939b0d6c8

    • SHA512

      da440343cb4b20f3bb8ef66c856198f2e5348a8bdda56b760cfb5b5764f59252305a7a27f9d1e7e58280c3b8071308285be39ffd2c8c6aa6a0b9f897e49b1674

    Score
    8/10

    • Executes dropped EXE

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    • Query Registry (T1012): 3

    • System Information Discovery (T1082): 3

Tasks