886e855874ca6ffbdef13c7ad5babdcccabdfd507b29dbc988a81b70e1762677 | Triage

Sharing

General

Target

886e855874ca6ffbdef13c7ad5babdcccabdfd507b29dbc988a81b70e1762677
Size

179KB
Sample

191213-7jmrxhdlcs
MD5

fa39d348eb9c7c781a3f39806ca35a3c
SHA1

17cfecaddf3d0244c8afb45db6924a8a359066b8
SHA256

886e855874ca6ffbdef13c7ad5babdcccabdfd507b29dbc988a81b70e1762677
SHA512

175e5a96d7f3f71ad9a5dec7b73633a6a32a5be55ab7a74a7bd63efe3f7ef437e6eeb066b2894ae674db2e0581057bdef5e6cd7e02233fe31b0b2b2b1497c0af

Score

8^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://birdlandonetoone.com/blogs/xth90m/

exe.dropper

http://generalpro.com/_private/a/

exe.dropper

http://kuznetsov.ca/thumbs/y/

exe.dropper

http://horal.sk/2016/YO/

exe.dropper

http://indrikov.com/in_velox_libertas/bj/

Targets

- Target
  
  886e855874ca6ffbdef13c7ad5babdcccabdfd507b29dbc988a81b70e1762677
- Size
  
  179KB
- MD5
  
  fa39d348eb9c7c781a3f39806ca35a3c
- SHA1
  
  17cfecaddf3d0244c8afb45db6924a8a359066b8
- SHA256
  
  886e855874ca6ffbdef13c7ad5babdcccabdfd507b29dbc988a81b70e1762677
- SHA512
  
  175e5a96d7f3f71ad9a5dec7b73633a6a32a5be55ab7a74a7bd63efe3f7ef437e6eeb066b2894ae674db2e0581057bdef5e6cd7e02233fe31b0b2b2b1497c0af
Score

8^/10
- Executes dropped EXE
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
task1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

dropperexploitermaldoc